97
CVEs
5
Critical
24
High
0
KEV
0
PoC
26
Unpatched C/H
8.2%
Patch Rate
0.0%
Avg EPSS
Severity Breakdown
CRITICAL
5
HIGH
24
MEDIUM
66
LOW
0
Monthly CVE Trend
Affected Products (30)
Android
205
Exynos 1380 Firmware
106
Exynos 1280 Firmware
100
Exynos 980 Firmware
95
Exynos 1080 Firmware
81
Exynos 1330 Firmware
80
Exynos 850 Firmware
78
Exynos 1480 Firmware
77
Exynos 2200 Firmware
74
Exynos 2400 Firmware
66
Exynos W920 Firmware
60
Notes
57
Exynos 2100 Firmware
52
Exynos W930 Firmware
50
Sth Eth 250 Firmware
40
Exynos Modem 5300 Firmware
38
Exynos 9110 Firmware
37
Exynos Modem 5123 Firmware
36
Exynos 990 Firmware
36
Exynos W1000 Firmware
33
Exynos 1580 Firmware
32
Account
28
Samsung Mobile
27
Internet
26
Exynos 9820 Firmware
23
Exynos Auto T5123 Firmware
21
Linux Kernel
17
Exynos 2500 Firmware
16
Exynos 9825 Firmware
15
Mtower
13
Top Risky CVEs
| CVE | Summary | Severity | CVSS | EPSS | Priority | Signals |
|---|---|---|---|---|---|---|
| CVE-2025-54328 | Stack-based buffer overflow in Samsung Exynos chipset SMS message processing allows remote attackers to execute arbitrary code or crash devices via malformed SMS RP-DATA messages. Affects 22 Exynos processor and modem variants across mobile, wearable, and IoT devices, requiring no user interaction. CVSS 10.0 with network-level attack vector (PR:N), scope change, and full system impact. EPSS and exploitation status not provided, but SSVC framework indicates automatable attack with total technical impact. No public exploit identified at time of analysis, though the vulnerability class (CWE-121 stack buffer overflow in SMS parsing) has high weaponization potential. | CRITICAL | 10.0 | 0.1% | 50 |
No patch
|
| CVE-2025-52909 | Buffer overflow in Samsung Exynos Wi-Fi drivers (980, 850, 1280, 1330, 1380, 1480, 1580, W920, W930, W1000) allows unauthenticated remote attackers to execute arbitrary code with high integrity/confidentiality impact through malformed NL80211 vendor command ioctl messages. Improper input validation enables network-accessible exploitation without user interaction. CVSS 9.8 critical severity. No public exploit identified at time of analysis. | CRITICAL | 9.8 | 0.0% | 49 |
No patch
|
| CVE-2025-62818 | Out-of-bounds write in Samsung Exynos chipsets (processors 980/990/850/1080/2100/1280/2200/1330/1380/1480/2400/1580/2500/9110, wearables W920/W930/W1000, modems 5123/5300/5400) allows unauthenticated remote attackers to achieve arbitrary code execution via malformed SMS TP-UD packets. Exploitation occurs through TP-UDHI/UDL value mismatch during SMS message parsing, enabling network-level attacks without user interaction. No public exploit identified at time of analysis. | CRITICAL | 9.8 | 0.0% | 49 |
No patch
|
| CVE-2025-52908 | Buffer overflow in Samsung Exynos Wi-Fi driver (980, 850, 1280, 1330, 1380, 1480, 1580, W920, W930, W1000) allows unauthenticated remote code execution via malformed NL80211 vendor command ioctl message. Incorrect handling of vendor-specific wireless configuration commands enables network-based memory corruption. CVSS 9.8 critical severity reflects network attack vector requiring no authentication or user interaction. No public exploit identified at time of analysis. Low observed exploitation activity (EPSS 0.01%). | CRITICAL | 9.8 | 0.0% | 49 |
No patch
|
| CVE-2025-58349 | Baseband denial-of-service in Samsung Exynos chipsets (980, 990, 850, 1080, 2100, 1280, 2200, 1330, 1380, 1480, 2400, 1580, 2500, 9110, W920, W930, W1000, Modem 5123, 5300, 5400) allows remote attackers to crash mobile device basebands via malformed LTE MAC packets without authentication. The vulnerability affects the L2 layer processing of MAC Control Elements, enabling network-based attacks against cellular connectivity. EPSS score of 0.02% indicates low observed exploitation probability, and no public exploit identified at time of analysis, though the CVSS score of 9.1 reflects the severity of remotely disrupting critical cellular communications infrastructure. | CRITICAL | 9.1 | 0.0% | 46 |
No patch
|
| CVE-2026-8915 | Out-of-bounds write in Samsung's Escargot JavaScript engine allows attacker-supplied scripts to corrupt memory through the ArrayBuffer.prototype.transfer() built-in, with high confidentiality, integrity, and availability impact (CVSS 8.8). The flaw stems from a missing length-bounds check when transferring an ArrayBuffer to a new byte length, enabling writes past the allocated buffer that can lead to remote code execution if a victim runs the malicious script. No public exploit has been identified at time of analysis, and no EPSS or CISA KEV data was provided. | HIGH | 8.8 | 0.0% | 44 |
No patch
|
| CVE-2026-25208 | Integer overflow in Samsung Escargot JavaScript engine allows remote attackers to trigger buffer overflows without authentication via network-delivered crafted JavaScript code. Affects commit 97e8115ab and prior versions. No public exploit identified at time of analysis, though upstream fix available (PR/commit); released patched version not independently confirmed. With CVSS 8.1 (High) and network attack vector requiring high complexity, this represents significant risk for devices and applications embedding the Escargot engine, particularly Samsung smart TV and appliance platforms. | HIGH | 8.1 | 0.0% | 41 |
No patch
|
| CVE-2026-45956 | Local privilege escalation and memory corruption in the Linux kernel's Exynos DRM VIDI (Virtual Display) driver allows local users with access to the DRM device to trigger null pointer dereferences, garbage value accesses, out-of-bounds reads, or use-after-free conditions via the vidi_connection_ioctl() handler. The flaw stems from an incorrect device-to-context lookup that retrieves driver_data from the exynos-drm master device instead of the VIDI component device. A vendor patch is available across multiple stable branches, no public exploit identified at time of analysis, and EPSS rates exploitation probability at only 0.02%. | HIGH | 7.8 | 0.0% | 39 |
|
| CVE-2026-23227 | Use-after-free in Linux kernel's Exynos Virtual Display (drm/exynos vidi) driver allows local authenticated users to potentially execute arbitrary code, escalate privileges, or cause denial of service. The vulnerability stems from missing lock protection during concurrent memory allocation/deallocation operations in the vidi_context structure. EPSS score of 0.02% indicates low observed exploitation probability. Vendor patches available across multiple kernel stable branches. | HIGH | 7.8 | 0.0% | 39 |
|
| CVE-2026-25203 | Local privilege escalation in Samsung MagicINFO 9 Server versions prior to 21.1091.1 enables authenticated low-privileged users to escalate to high privileges through incorrect default file/directory permissions. Attackers with local access can obtain complete system control, compromising confidentiality, integrity, and availability. Attack requires local access and low-level authentication but no user interaction. No public exploit identified at time of analysis. | HIGH | 7.8 | 0.0% | 39 |
No patch
|
| CVE-2026-20983 | Android versions up to 14.0 contains a vulnerability that allows attackers to launch arbitrary activity with Samsung Dialer privilege (CVSS 7.8). | HIGH | 7.8 | 0.0% | 39 |
No patch
|
| CVE-2026-47310 | Use-after-free memory corruption in Samsung's Escargot JavaScript engine (commit 590345cc6258317c5da850d846ce6baaf2afc2d3) enables pointer manipulation when processing crafted JavaScript content, with CVSS 7.8 reflecting high-impact local exploitation requiring user interaction. The affected codepaths include evaluator error handling, TypedArray copyWithin operations on resizable buffers, DataView coercion, and array fast-mode transitions - all triggerable by attacker-controlled script. No public exploit identified at time of analysis and the CVE is not listed in CISA KEV. | HIGH | 7.8 | 0.0% | 39 |
No patch
|
| CVE-2026-47311 | Heap-based buffer overflow in Samsung's Escargot JavaScript engine (commit 590345cc6258317c5da850d846ce6baaf2afc2d3) allows remote attackers to corrupt heap memory and likely achieve arbitrary code execution when a victim processes attacker-controlled JavaScript. No public exploit identified at time of analysis, but the upstream fix (PR #1565) reveals multiple memory-safety hardening changes including integer underflow protection in TypedArray.copyWithin, fast-mode array conversion checks during spread operations, and OOM handling, indicating concrete reachable corruption paths. CVSS 7.8 with local attack vector and required user interaction reflects the engine's typical embedding context (apps, IoT, smart TV runtimes) rather than network-facing services. | HIGH | 7.8 | 0.0% | 39 |
No patch
|
| CVE-2026-47314 | Out-of-bounds write in Samsung's Escargot lightweight JavaScript engine (commit 590345cc6258317c5da850d846ce6baaf2afc2d3) allows attackers to corrupt memory by inducing buffer overflows through crafted JavaScript. Exploitation requires local execution of attacker-supplied script content with user interaction, but successful triggering yields high impact to confidentiality, integrity, and availability (CVSS 7.8). No public exploit identified at time of analysis and the issue is not on the CISA KEV list. | HIGH | 7.8 | 0.0% | 39 |
No patch
|
| CVE-2025-62817 | An issue was discovered in Samsung Mobile Processor Exynos 1280, 2200, 1380, 1480, 2400, 1580, and 2500. A NULL pointer dereference of session->ncp_hdr_buf in __pilot_parsing_ncp() causes a denial of service. [CVSS 7.5 HIGH] | HIGH | 7.5 | 0.1% | 38 |
No patch
|