What is the CVSS score of CVE-2025-66363?

CVE-2025-66363 has a CVSS 3.1 base score of 7.5 (High). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H. EPSS exploitation probability: 0.1%.

Which versions of Exynos 2200 Firmware are affected by CVE-2025-66363?

Samsung Exynos 2200 mobile processors contain a memory initialization flaw in LBS (Location-Based Services) that could be exploited to access sensitive data or cause device instability.

How to fix or mitigate CVE-2025-66363?

Within 24 hours: Identify and inventory all Samsung devices using Exynos 2200 processors in your environment. Within 7 days: Disable LBS functionality on affected devices via MDM if business-critical, and communicate risk to device users. Within 30 days: Monitor Samsung security advisories for patches, prepare deployment procedures, and evaluate whether to restrict affected devices from handling sensitive location data pending remediation.

Exynos 2200 Firmware CVE-2025-66363

HIGH

Improper Initialization (CWE-665)

2026-03-03 cve@mitre.org

Samsung Exynos 2200 Firmware

7.5

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

Lifecycle Timeline

Analysis Generated

Mar 12, 2026 - 22:05 vuln.today

CVE Published

Mar 03, 2026 - 16:16 nvd

HIGH 7.5

DescriptionNVD

An issue was discovered in LBS in Samsung Mobile Processor Exynos 2200. There was no check for memory initialization within DL NAS Transport messages.

AnalysisAI

An issue was discovered in LBS in Samsung Mobile Processor Exynos 2200. There was no check for memory initialization within DL NAS Transport messages. [CVSS 7.5 HIGH]

Technical ContextAI

Affects Exynos 2200 Firmware. An issue was discovered in LBS in Samsung Mobile Processor Exynos 2200. There was no check for memory initialization within DL NAS Transport messages.