EUVD-2025-209239

CVE-2025-59440 | HIGH 7.5 (CVSS 3.1)

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: None
Integrity: None
Availability: High

Lifecycle Timeline

Analysis Generated: Apr 06, 2026 - 18:22 (vuln.today)
EUVD ID Assigned: Apr 06, 2026 - 18:22 (euvd), EUVD-2025-209239
CVE Published: Apr 06, 2026 - 18:16 (nvd), HIGH 7.5

Description

An issue was discovered in USIM in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 980, 990, 850, 1080, 2100, 1280, 2200, 1330, 1380, 1480, 2400, 1580, 2500, 9110, W920, W930, W1000, Modem 5123, Modem 5300, and Modem 5400. Improper handling of SIM card proactive commands leads to a Denial of Service.

Analysis

Denial of service in Samsung Exynos USIM firmware across mobile, wearable, and modem processors allows unauthenticated remote attackers to crash affected devices via maliciously crafted SIM card proactive commands. The vulnerability affects over 20 Exynos chipset families (980, 990, 850, 1080, 2100, 1280, 2200, 1330, 1380, 1480, 2400, 1580, 2500, 9110, W920, W930, W1000, Modem 5123, 5300, 5400) due to improper handling of USIM proactive commands, classified as CWE-400 (Uncontrolled Resource Consumption). EPSS exploitation probability is low (0.02%, 5th percentile), no public exploit was identified at the time of analysis, and the CVE is not currently listed in CISA KEV. Despite the high CVSS base score of 7.5, practical exploitation requires attacker control over cellular network infrastructure or compromised SIM cards, which significantly limits the real-world attack surface.

Technical Context

This vulnerability exists in the Universal Subscriber Identity Module (USIM) implementation within Samsung Exynos chipset firmware. USIM cards communicate with device baseband processors using proactive commands defined in the ETSI TS 102 223 specification, which allow SIM cards to initiate actions on the device. The CWE-400 (Uncontrolled Resource Consumption) classification indicates the firmware fails to properly validate, rate-limit, or sanitize incoming proactive commands from the SIM card. This can lead to resource exhaustion in the baseband processor, causing device crashes or modem resets. The affected CPE strings identify firmware components across Samsung's entire Exynos product line, spanning flagship mobile processors (990, 2100, 2200, 2400, 2500), mid-range chipsets (850, 980, 1080, 1280, 1330, 1380, 1480, 1580), wearable processors (W920, W930, W1000, 9110), and standalone modem components (5123, 5300, 5400). The vulnerability resides in the baseband firmware layer that interfaces with cellular network signaling, making it a low-level system component outside normal application sandboxing.

Affected Products

Samsung Exynos 980, 990, 850, 1080, 2100, 1280, 2200, 1330, 1380, 1480, 2400, 1580, 2500 mobile processor firmware; Exynos 9110, W920, W930, W1000 wearable processor firmware; and Exynos Modem 5123, 5300, 5400 standalone modem firmware. All firmware versions for these chipsets are potentially affected as indicated by CPE wildcard version notation (cpe:2.3:o:samsung:exynos_*_firmware:-:*:*:*:*:*:*:*). These processors power smartphones, tablets, smartwatches, and IoT devices from Samsung and other OEMs who license Exynos chipsets. Specific device models and firmware build numbers are not disclosed in Samsung's advisory at https://semiconductor.samsung.com/support/quality-support/product-security-updates/cve-2025-59440/.

Remediation

Apply firmware updates provided through Samsung Semiconductor's product security update program as detailed at https://semiconductor.samsung.com/support/quality-support/product-security-updates/ and the CVE-specific advisory at https://semiconductor.samsung.com/support/quality-support/product-security-updates/cve-2025-59440/. End users must obtain patched firmware through device manufacturer OTA updates, as baseband firmware updates are delivered via Android/Tizen security patches from Samsung Mobile, Google, and other OEMs using affected Exynos chipsets. Organizations deploying affected devices should monitor vendor security bulletins and prioritize patch deployment for devices used in high-security contexts or by high-value targets. No workaround exists as the vulnerability resides in low-level modem firmware inaccessible to users or mobile device management solutions. Enterprise mobility management teams should inventory devices containing affected Exynos processors and establish tracking mechanisms for OEM firmware update availability.

Priority Score

38 (KEV: 0, EPSS: +0.0, CVSS: +38, POC: 0)
