Skip to main content

Samsung Exynos EUVDEUVD-2025-209645

| CVE-2025-66369 HIGH
Allocation of Resources Without Limits or Throttling (CWE-770)
2026-05-05 mitre GHSA-386p-v9x3-gxpm
7.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
7.5 HIGH
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

3
Analysis Generated
May 06, 2026 - 20:30 vuln.today
CVSS changed
May 06, 2026 - 18:22 NVD
7.5 (HIGH)
CVE Published
May 05, 2026 - 00:00 nvd
HIGH 7.5

DescriptionCVE.org

An issue was discovered in MM in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 980, 990, 850, 2100, 1280, 2200, 1330, 1380, 1480, 2400, 1580, 2500, W920, W930, W1000, Modem 5123, Modem 5300, and Modem 5400. Incorrect handling of 5G NR NAS registration accept messages leads to a Denial of Service.

AnalysisAI

Denial of Service vulnerability in Samsung Exynos chipsets (980, 990, 850, 2100, 1280, 2200, 1330, 1380, 1480, 2400, 1580, 2500, W920, W930, W1000, and modems 5123, 5300, 5400) allows remote unauthenticated attackers to crash devices by sending malformed 5G NR NAS registration accept messages. The flaw affects the Mobility Management (MM) component's message parser, triggering resource exhaustion (CWE-770) that disrupts cellular connectivity. CVSS 7.5 (High) with network attack vector and no prerequisites, though EPSS indicates only 0.02% exploitation probability and no public exploits identified at time of analysis.

Technical ContextAI

This vulnerability resides in the Mobility Management (MM) layer of Samsung's Exynos baseband processors, which handles 5G Non-Standalone (NR) Network Attached Subsystem (NAS) protocol messages during device registration with cellular networks. NAS registration accept messages are sent by the 5G core network to confirm successful device attachment. The root cause is CWE-770 (Allocation of Resources Without Limits or Throttling), indicating the MM component fails to properly validate or constrain resource consumption when processing malformed registration messages. This affects both Application Processors (Exynos 980/990/850/2100/1280/2200/1330/1380/1480/2400/1580/2500) and dedicated modem chipsets (Modem 5123/5300/5400), plus wearable processors (W920/W930/W1000). The vulnerability sits at the intersection of cellular protocol implementation and low-level firmware, making it accessible via the radio interface without requiring physical access or user interaction.

RemediationAI

Apply firmware updates from Samsung Semiconductor as documented in the official security bulletin at https://semiconductor.samsung.com/support/quality-support/product-security-updates/cve-2025-66369/. For end users, updates are typically delivered through device manufacturer OTA updates-check with Samsung Mobile or device OEM for availability. Specific patched firmware versions are not disclosed in public advisories. Compensating controls for high-risk environments: temporarily disable 5G connectivity and force devices to 4G/LTE mode through network settings (Settings > Connections > Mobile Networks > Network Mode > LTE/3G/2G), which eliminates exposure to 5G NR NAS message parsing but reduces network performance and disables 5G features. In enterprise deployments, implement network-based monitoring for unusual cellular disconnection patterns that might indicate exploitation attempts. No firewall or network segmentation mitigations apply as the vulnerability exists in cellular baseband firmware accessible only via radio interface.

More in N A

View all
CVE-2026-31072 CRITICAL POC
9.8 May 19

Remote code execution in APScheduler (all versions through 3.10.x and 4.0.0a5) is achievable when applications deseriali

CVE-2026-36356 CRITICAL POC
9.1 May 05

Unauthenticated remote OS command injection in MeiG Smart FORGE_SLT711 cellular gateway firmware MDM9607.LE.1.0-00110-ST

CVE-2026-31071 CRITICAL POC
9.1 May 19

Unauthenticated API access in LalanaChami Pharmacy Management System (commit 5c3d028) allows remote attackers to dump al

CVE-2025-66391 HIGH POC
8.8 Jun 17

In Citrix Cloud through 2025-11-10, an account with read-only access can trigger the beginning of a workflow for write o

CVE-2026-26740 HIGH POC
8.2 Mar 18

Giflib 5.2.2 contains a buffer overflow in the EGifGCBToExtension function that fails to validate allocated memory when

CVE-2025-60464 HIGH POC
7.8 Jun 25

Denial of service in GPAC's MP4Box multimedia tool (versions before 26.02.0) arises from a use-after-free in the gf_sei_

CVE-2026-36355 HIGH POC
7.7 May 05

Arbitrary kernel memory read/write in Realtek rtl819x Jungle SDK Wi-Fi driver allows local unprivileged attackers to acc

CVE-2025-60474 HIGH POC
7.5 Jun 24

Denial of service in GPAC's MP4Box/libgpac media importer (versions before 26.02.0) lets an attacker crash the tool by s

CVE-2026-38639 HIGH POC
7.5 Jun 26

An issue in the parse_month function (/time/strptime.rs) of relibc commit ab6a2e allows attackers to cause a Denial of S

CVE-2026-38641 HIGH POC
7.5 Jun 26

Denial of service in relibc (the Redox OS C standard library) at commit 61f42d allows attackers to crash a process by ge

CVE-2026-38637 HIGH POC
7.5 Jun 25

An issue in the pthread_rwlockattr_setpshared() function of relibc commit 61f42d allows attackers to cause a Denial of S

CVE-2026-38640 HIGH POC
7.5 Jun 25

Denial of service in relibc (the Redox OS C standard library implementation, commit 61f42d) lets attackers crash a proce

Share

EUVD-2025-209645 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy