Exynos 1480 Firmware (EUVD-2025-16752)

CVE-2025-23103 HIGH
Out-of-bounds Write (CWE-787)
2025-06-03 cve@mitre.org
8.6
CVSS 3.1 · NVD

Severity by source

NVD PRIMARY
8.6 HIGH
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L

Primary rating from NVD · only source for this CVE.

CVSS Vector (NVD)

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L

Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: Low
Availability: Low

Lifecycle Timeline

EUVD ID Assigned: Mar 14, 2026 - 17:04 (euvd), EUVD-2025-16752
Analysis Generated: Mar 14, 2026 - 17:04 (vuln.today)
CVE Published: Jun 03, 2025 - 16:15 (nvd), HIGH 8.6

Description (CVE.org)

An issue was discovered in Samsung Mobile Processor Exynos 1480 and 2400. The lack of a length check leads to out-of-bounds writes.

Analysis (AI)

CVE-2025-23103 is an out-of-bounds write vulnerability in Samsung's Exynos 1480 and 2400 mobile processors caused by insufficient length validation. Per the CVSS vector, a remote unauthenticated attacker can achieve high confidentiality impact with low integrity and availability impact (C:H/I:L/A:L). The vulnerability has a CVSS score of 8.6 with low attack complexity and no privilege requirements, making it a significant risk to Samsung Galaxy devices using these processors; exploitation status and active use in the wild have not been confirmed at this time.

Technical Context (AI)

The vulnerability exists in Samsung Mobile Processor Exynos 1480 and 2400 SoCs (System-on-Chip), which are primary processors used in Samsung Galaxy flagship and mid-range devices. The root cause is classified as CWE-787 (Out-of-bounds Write), indicating that code processing network input or other external data fails to validate buffer length before writing, allowing attackers to overflow heap or stack memory. The Exynos processors handle low-level hardware operations, cryptographic functions, and secure enclave processing; a flaw at this level can compromise the entire device security model. The lack of length checking suggests the vulnerability exists in firmware or bootloader code responsible for parsing or processing protocol messages, likely in network stack handling or secure communication channels.

Remediation (AI)

Samsung must release firmware/bootloader patches addressing the length validation flaw in affected Exynos processors. Users should: (1) Apply all available Samsung security updates immediately upon release, prioritizing devices with Exynos 1480/2400; (2) Monitor Samsung Security Advisory pages for firmware patches specific to CVE-2025-23103; (3) Avoid untrusted networks and disable unnecessary network services pending patches; (4) Enable all available security features (Knox, SELinux enforcement); (5) Consider network segmentation for critical Samsung devices. Vendor mitigation may include disabling vulnerable firmware code paths if identified. Samsung should release coordinated security advisories with clear device model mapping and patch timeline. Patch availability dates and version numbers should be published immediately to samsung.com/security.

CVE-2025-23099 CRITICAL
9.1 Jun 02

OOB write in Samsung Exynos 1480/2400 processors.

CVE-2025-47202 CRITICAL
9.1 Jul 07

In RRC in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 980, 990, 850, 1080, 2100, 1280, 2200, 1330, 13

CVE-2025-27807 CRITICAL
9.1 Jan 05

Samsung Exynos processors (multiple models including 980, 990, 2100, 2200, 2400) and modems have an out-of-bounds write

CVE-2025-23102 HIGH
8.8 Jun 03

Double-free vulnerability in Samsung's Exynos mobile processors (models 980, 990, 1080, 2100, 1280, 2200, 1380, 1480, an

CVE-2025-23107 HIGH
8.6 Jun 03

Critical out-of-bounds write vulnerability in Samsung's Exynos 1480 and 2400 mobile processors caused by insufficient le

CVE-2025-53966 HIGH
8.4 Jan 05

An issue was discovered in Samsung Mobile Processor Exynos 1380, 1480, 2400, and 1580. Incorrect Handling of the NL80211

CVE-2025-49495 HIGH
8.4 Jan 05

An issue was discovered in the WiFi driver in Samsung Mobile Processor Exynos 1380, 1480, 2400, 1580. Mishandling of an

CVE-2025-23105 HIGH
7.8 Jun 02

Use-after-free vulnerability in Samsung's Exynos mobile processors (2200, 1480, and 2400) that allows a local attacker w

CVE-2024-46922 HIGH
7.5 Feb 12

An issue was discovered in Samsung Mobile Processor Exynos 1480 and 2400. Rated high severity (CVSS 7.5), this vulnerabi

CVE-2024-46923 HIGH
7.5 Feb 12

An issue was discovered in Samsung Mobile Processor Exynos 2200, 1480, and 2400. Rated high severity (CVSS 7.5), this vu

CVE-2024-50600 HIGH
7.5 Mar 06

An issue was discovered in Samsung Mobile Processor and Wearable Processor Exynos 980, 850, 1080, 1280, 1330, 1380, 1480

CVE-2024-52924 HIGH
7.5 Mar 06

An issue was discovered in NRMM in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 9820, 9825, 980, 990,
