CVE-2025-27891
CRITICALSamsung Exynos 980 Firmware - Out-of-Bounds Read
Title source: ruleDescription
An issue was discovered in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 980, 990, 850, 1080, 2100, 1280, 2200, 1330, 1380, 1480, 2400, W920, W930, W1000, Modem 5123, Modem 5300, Modem 5400. The lack of a length check leads to out-of-bounds reads via malformed NAS packets.
References (2)
Core 2
Core References
Scores
CVSS v3
9.1
EPSS
0.0043
EPSS Percentile
62.4%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
yes
Technical Impact
partial
Details
CWE
CWE-125
Status
published
Products (17)
samsung/exynos_1080_firmware
samsung/exynos_1280_firmware
samsung/exynos_1330_firmware
samsung/exynos_1380_firmware
samsung/exynos_1480_firmware
samsung/exynos_2100_firmware
samsung/exynos_2200_firmware
samsung/exynos_2400_firmware
samsung/exynos_850_firmware
samsung/exynos_980_firmware
... and 7 more
Published
May 14, 2025
Tracked Since
Feb 18, 2026