CVE-2025-27807
CRITICALSamsung Exynos and Modem Firmware - Out-of-bounds Write via Malformed NAS Packets
Title source: llmDescription
An issue was discovered in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 980, 990, 850, 1080, 2100, 1280, 2200, 1330, 1380, 1480, 2400, 1580, 9110, W920, W930, W1000, Modem 5123, Modem 5300, Modem 5400. The lack of a length check leads to out-of-bounds writes via malformed NAS packets.
References (2)
Core 2
Core References
Scores
CVSS v3
9.1
EPSS
0.0008
EPSS Percentile
22.7%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
yes
Technical Impact
partial
Details
CWE
CWE-787
Status
published
Products (19)
samsung/exynos_1080_firmware
samsung/exynos_1280_firmware
samsung/exynos_1330_firmware
samsung/exynos_1380_firmware
samsung/exynos_1480_firmware
samsung/exynos_1580_firmware
samsung/exynos_2100_firmware
samsung/exynos_2200_firmware
samsung/exynos_2400_firmware
samsung/exynos_850_firmware
... and 9 more
Published
Jan 05, 2026
Tracked Since
Feb 18, 2026