CVE-2025-27891
CRITICALSamsung Exynos and Modem Firmware - Out-of-bounds Read via Malformed NAS Packets
Title source: llmDescription
An issue was discovered in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 980, 990, 850, 1080, 2100, 1280, 2200, 1330, 1380, 1480, 2400, W920, W930, W1000, Modem 5123, Modem 5300, Modem 5400. The lack of a length check leads to out-of-bounds reads via malformed NAS packets.
References (2)
Core 2
Core References
Scores
CVSS v3
9.1
EPSS
0.0040
EPSS Percentile
31.5%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
yes
Technical Impact
partial
Details
CWE
CWE-125
Status
published
Products (17)
samsung/exynos_1080_firmware
samsung/exynos_1280_firmware
samsung/exynos_1330_firmware
samsung/exynos_1380_firmware
samsung/exynos_1480_firmware
samsung/exynos_2100_firmware
samsung/exynos_2200_firmware
samsung/exynos_2400_firmware
samsung/exynos_850_firmware
samsung/exynos_980_firmware
... and 7 more
Published
May 14, 2025
Tracked Since
Feb 18, 2026