Out-of-Bounds Read Vulnerability in Samsung Exynos Mobile and Wearable Processors
CVE-2025-27891

9.1CRITICAL

Key Information:

Vendor: Samsung
Status: Exynos Mobile and Wearable Processors
Vendor: CVE Published:; 14 May 2025

What is CVE-2025-27891?

A vulnerability has been identified in multiple Samsung Exynos processors and modems, specifically related to the processing of malformed NAS packets. The absence of a proper length check can trigger out-of-bounds read conditions, potentially leading to the disclosure of sensitive information or unexpected behavior in affected products. This issue impacts a wide range of Exynos models and is crucial for users and developers to address to ensure the security of their devices.

References

https://semiconductor.samsung.com/support/quality-support...

CVSS V3.1

Score:

9.1

Severity:

CRITICAL

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 14, 2025
Vulnerability Reserved
Mar 10, 2025