37
CVEs
5
Critical
16
High
0
KEV
0
PoC
19
Unpatched C/H
5.4%
Patch Rate
0.0%
Avg EPSS
Severity Breakdown
CRITICAL
5
HIGH
16
MEDIUM
14
LOW
0
Monthly CVE Trend
Affected Products (30)
Exynos 1480 Firmware
60
Exynos 1380 Firmware
59
Exynos 2400 Firmware
52
Exynos 1280 Firmware
49
Exynos 2200 Firmware
41
Exynos 1330 Firmware
39
Exynos 980 Firmware
37
Exynos 1080 Firmware
36
Exynos 850 Firmware
34
Exynos W1000 Firmware
32
Exynos 1580 Firmware
32
Exynos W920 Firmware
31
Exynos W930 Firmware
31
Exynos 2100 Firmware
26
Memory Corruption
25
Exynos 990 Firmware
25
Notes
24
Exynos 9110 Firmware
17
Exynos 2500 Firmware
16
Exynos Modem 5123 Firmware
13
Exynos Modem 5300 Firmware
13
Android
12
Null Pointer Dereference
10
Exynos Modem 5400 Firmware
9
Use After Free
9
Linux Kernel
9
Modem 5123 Firmware
7
Exynos 9820 Firmware
7
Modem 5400 Firmware
7
Exynos 9825 Firmware
7
Top Risky CVEs
| CVE | Summary | Severity | CVSS | EPSS | Priority | Signals |
|---|---|---|---|---|---|---|
| CVE-2025-54328 | Stack-based buffer overflow in Samsung Exynos chipset SMS message processing allows remote attackers to execute arbitrary code or crash devices via malformed SMS RP-DATA messages. Affects 22 Exynos processor and modem variants across mobile, wearable, and IoT devices, requiring no user interaction. CVSS 10.0 with network-level attack vector (PR:N), scope change, and full system impact. EPSS and exploitation status not provided, but SSVC framework indicates automatable attack with total technical impact. No public exploit identified at time of analysis, though the vulnerability class (CWE-121 stack buffer overflow in SMS parsing) has high weaponization potential. | CRITICAL | 10.0 | 0.1% | 50 |
No patch
|
| CVE-2025-52909 | Buffer overflow in Samsung Exynos Wi-Fi drivers (980, 850, 1280, 1330, 1380, 1480, 1580, W920, W930, W1000) allows unauthenticated remote attackers to execute arbitrary code with high integrity/confidentiality impact through malformed NL80211 vendor command ioctl messages. Improper input validation enables network-accessible exploitation without user interaction. CVSS 9.8 critical severity. No public exploit identified at time of analysis. | CRITICAL | 9.8 | 0.0% | 49 |
No patch
|
| CVE-2025-62818 | Out-of-bounds write in Samsung Exynos chipsets (processors 980/990/850/1080/2100/1280/2200/1330/1380/1480/2400/1580/2500/9110, wearables W920/W930/W1000, modems 5123/5300/5400) allows unauthenticated remote attackers to achieve arbitrary code execution via malformed SMS TP-UD packets. Exploitation occurs through TP-UDHI/UDL value mismatch during SMS message parsing, enabling network-level attacks without user interaction. No public exploit identified at time of analysis. | CRITICAL | 9.8 | 0.0% | 49 |
No patch
|
| CVE-2025-52908 | Buffer overflow in Samsung Exynos Wi-Fi driver (980, 850, 1280, 1330, 1380, 1480, 1580, W920, W930, W1000) allows unauthenticated remote code execution via malformed NL80211 vendor command ioctl message. Incorrect handling of vendor-specific wireless configuration commands enables network-based memory corruption. CVSS 9.8 critical severity reflects network attack vector requiring no authentication or user interaction. No public exploit identified at time of analysis. Low observed exploitation activity (EPSS 0.01%). | CRITICAL | 9.8 | 0.0% | 49 |
No patch
|
| CVE-2025-58349 | Baseband denial-of-service in Samsung Exynos chipsets (980, 990, 850, 1080, 2100, 1280, 2200, 1330, 1380, 1480, 2400, 1580, 2500, 9110, W920, W930, W1000, Modem 5123, 5300, 5400) allows remote attackers to crash mobile device basebands via malformed LTE MAC packets without authentication. The vulnerability affects the L2 layer processing of MAC Control Elements, enabling network-based attacks against cellular connectivity. EPSS score of 0.02% indicates low observed exploitation probability, and no public exploit identified at time of analysis, though the CVSS score of 9.1 reflects the severity of remotely disrupting critical cellular communications infrastructure. | CRITICAL | 9.1 | 0.0% | 46 |
No patch
|
| CVE-2025-71143 | In the Linux kernel, the following vulnerability has been resolved: clk: samsung: exynos-clkout: Assign .num before accessing .hws Commit f316cdff8d67 ("clk: Annotate struct clk_hw_onecell_data with __counted_by") annotated the hws member of 'struct clk_hw_onecell_data' with __counted_by, which informs the bounds sanitizer (UBSAN_BOUNDS) about the number of elements in .hws[], so that it can warn when .hws[] is accessed out of bounds. | HIGH | 7.8 | 0.0% | 39 |
|
| CVE-2026-23227 | The Exynos Virtual Display driver in the Linux kernel lacks proper synchronization when allocating and freeing memory structures, enabling use-after-free conditions through race conditions between concurrent operations. A local attacker with unprivileged access can exploit this vulnerability to cause memory corruption or achieve information disclosure by manipulating display connector operations. No patch is currently available for this high-severity vulnerability affecting Linux systems with Samsung Exynos graphics hardware. | HIGH | 7.8 | 0.0% | 39 |
|
| CVE-2026-25203 | Local privilege escalation in Samsung MagicINFO 9 Server versions prior to 21.1091.1 enables authenticated low-privileged users to escalate to high privileges through incorrect default file/directory permissions. Attackers with local access can obtain complete system control, compromising confidentiality, integrity, and availability. Attack requires local access and low-level authentication but no user interaction. No public exploit identified at time of analysis. | HIGH | 7.8 | 0.0% | 39 |
No patch
|
| CVE-2026-20983 | Android versions up to 14.0 contains a vulnerability that allows attackers to launch arbitrary activity with Samsung Dialer privilege (CVSS 7.8). | HIGH | 7.8 | 0.0% | 39 |
No patch
|
| CVE-2025-62817 | An issue was discovered in Samsung Mobile Processor Exynos 1280, 2200, 1380, 1480, 2400, 1580, and 2500. A NULL pointer dereference of session->ncp_hdr_buf in __pilot_parsing_ncp() causes a denial of service. [CVSS 7.5 HIGH] | HIGH | 7.5 | 0.1% | 38 |
No patch
|
| CVE-2025-62814 | An issue was discovered in Samsung Mobile Processor Exynos 1280, 2200, 1380, 1480, and 2400. A NULL pointer dereference of ft_handle in load_fw_utc_vector() causes a denial of service. [CVSS 7.5 HIGH] | HIGH | 7.5 | 0.1% | 38 |
No patch
|
| CVE-2025-66363 | An issue was discovered in LBS in Samsung Mobile Processor Exynos 2200. There was no check for memory initialization within DL NAS Transport messages. [CVSS 7.5 HIGH] | HIGH | 7.5 | 0.1% | 38 |
No patch
|
| CVE-2025-57834 | Denial of Service in Samsung Exynos processors and modems (including 980, 850, 990, 1080, 2100, 1280, 2200, 1330, 1380, 1480, 2400, 1580, 2500, 1680, 9110, W920, W930, W1000, and Modems 5123, 5300, 5400, 5410) allows unauthenticated remote attackers to cause complete service disruption via network-based attacks requiring low complexity and no user interaction. The vulnerability stems from improper input validation (CWE-20) affecting mobile, wearable, and baseband modem chipsets used across Samsung's semiconductor product line. No public exploit identified at time of analysis, though the CVSS vector indicates trivial exploitation conditions (AV:N/AC:L/PR:N/UI:N) that could enable network-accessible denial of service attacks against devices containing these chipsets. | HIGH | 7.5 | 0.0% | 38 |
No patch
|
| CVE-2025-59439 | An issue was discovered in Samsung Mobile Processor, Wearable Processor and Modem Exynos 980, 990, 850, 1080, 9110, W920, W930, W1000 and Modem 5123. Incorrect handling of NAS Registration messages leads to a Denial of Service because of Improper Handling of Exceptional Conditions. [CVSS 7.5 HIGH] | HIGH | 7.5 | 0.0% | 38 |
No patch
|
| CVE-2025-57835 | System crash in Samsung Exynos processors (980/990/850/1080/2100/1280/2200/1330/1380/1480/2400/1580/2500/9110, Wearable W920/W930/W1000, Modems 5123/5300/5400) allows unauthenticated remote attackers to trigger denial-of-service via malformed RRCReconfiguration message exploiting improper memory initialization in the Radio Resource Control (RRC) layer. No public exploit identified at time of analysis. EPSS score of 0.02% (5th percentile) indicates very low probability of imminent exploitation despite network-reachable attack surface and low complexity (CVSS 7.5, AV:N/AC:L/PR:N). | HIGH | 7.5 | 0.0% | 38 |
No patch
|