Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
Lifecycle Timeline
3DescriptionCVE.org
An issue was discovered in L2 in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 980, 990, 850, 1080, 2100, 1280, 2200, 1330, 1380, 1480, 2400, 1580, 2500, 9110, W920, W930, W1000, Modem 5123, Modem 5300, and Modem 5400. Incorrect handling of LTE MAC packets containing many MAC Control Elements (CEs) leads to baseband crashes.
AnalysisAI
Baseband denial-of-service in Samsung Exynos chipsets (980, 990, 850, 1080, 2100, 1280, 2200, 1330, 1380, 1480, 2400, 1580, 2500, 9110, W920, W930, W1000, Modem 5123, 5300, 5400) allows remote attackers to crash mobile device basebands via malformed LTE MAC packets without authentication. The vulnerability affects the L2 layer processing of MAC Control Elements, enabling network-based attacks against cellular connectivity. EPSS score of 0.02% indicates low observed exploitation probability, and no public exploit identified at time of analysis, though the CVSS score of 9.1 reflects the severity of remotely disrupting critical cellular communications infrastructure.
Technical ContextAI
This vulnerability resides in the Layer 2 (data link layer) implementation of Samsung Exynos chipsets' baseband processors, specifically in the LTE Medium Access Control (MAC) protocol handler. The MAC layer manages resource allocation and multiplexing for LTE communications through Control Elements (CEs) that carry control information alongside user data. The flaw stems from incorrect handling when processing MAC packets containing an excessive number of MAC CEs, triggering a resource exhaustion condition (CWE-400: Uncontrolled Resource Consumption). When the baseband processor encounters these malformed packets, it fails to properly validate or limit the number of CEs being processed, leading to memory exhaustion, buffer overflows, or state corruption that crashes the baseband subsystem. This affects both mobile processors and standalone modems across Samsung's Exynos product line, impacting devices' ability to maintain cellular network connectivity. The baseband operates independently from the application processor, so crashes at this level can cause complete loss of cellular functionality requiring device reboot.
RemediationAI
Users should apply firmware updates provided by device manufacturers (Samsung, and OEMs using Exynos chipsets) as they become available through standard device update mechanisms. Samsung has published security advisory details at https://semiconductor.samsung.com/support/quality-support/product-security-updates/cve-2025-58349/, though specific patched firmware versions are not publicly disclosed in available data. Device owners should check Settings > Software Update (or equivalent on their specific device) and install all available system updates. For enterprise deployments, administrators should monitor vendor security bulletins and prioritize updates for devices used in sensitive environments or by high-risk users. No effective workaround exists as the vulnerability is in baseband firmware processing mandatory LTE protocol traffic; disabling cellular connectivity would eliminate attack surface but defeats device functionality. Organizations concerned about targeted attacks could implement network-level monitoring for anomalous cellular traffic patterns or limit high-risk users to devices with confirmed patched firmware.
Arbitrary file write as SYSTEM in Samsung MagicINFO 9 Server before version 21.1050 allows remote attackers to place att
Samsung MagicINFO 9 Server contains a path traversal vulnerability allowing unauthenticated attackers to write arbitrary
Multiple stack-based buffer overflows in the BackupToAvi method in the (1) UMS_Ctrl 1.5.1.1 and (2) UMS_Ctrl_STW 2.0.1.0
Web Viewer 1.0.0.193 on Samsung SRN-1670D devices suffers from an Unrestricted file upload vulnerability: 'network_ssl_u
Web Viewer 1.0.0.193 on Samsung SRN-1670D devices allows remote attackers to read arbitrary files via a request to an un
Samsung Internet Browser 5.4.02.3 allows remote attackers to bypass the Same Origin Policy and obtain sensitive informat
Buffer overflow in the PrepareSync method in the SyncService.dll ActiveX control in Samsung Kies before 2.5.1.12123_2_7
The Samsung D6000 TV and possibly other products allow remote attackers to cause a denial of service (continuous restart
The Samsung D6000 TV and possibly other products allows remote attackers to cause a denial of service (crash) via a long
The ConnectDDNS method in the (1) STWConfigNVR 1.1.13.15 and (2) STWConfig 1.1.14.13 ActiveX controls in Samsung NET-i v
Multiple directory traversal vulnerabilities in Samsung SyncThru 6 before 1.0 allow remote attackers to delete arbitrary
Stack-based buffer overflow in the RequestScreenOptimization function in the XProcessControl.ocx ActiveX control in msls
Same weakness CWE-400 – Uncontrolled Resource Consumption
View allSame technique Denial Of Service
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2025-209247