CVE-2025-48025
BaseFortify
Publication date: 2025-10-20
Last updated on: 2025-10-28
Assigner: MITRE
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| samsung | exynos_980_firmware | * |
| samsung | exynos_980 | * |
| samsung | exynos_850_firmware | * |
| samsung | exynos_850 | * |
| samsung | exynos_1280_firmware | * |
| samsung | exynos_1280 | * |
| samsung | exynos_1330_firmware | * |
| samsung | exynos_1330 | * |
| samsung | exynos_1380_firmware | * |
| samsung | exynos_1380 | * |
| samsung | exynos_1480_firmware | * |
| samsung | exynos_1480 | * |
| samsung | exynos_1580_firmware | * |
| samsung | exynos_1580 | * |
| samsung | exynos_w930_firmware | * |
| samsung | exynos_w930 | * |
| samsung | exynos_w920_firmware | * |
| samsung | exynos_w920 | * |
| samsung | exynos_w1000_firmware | * |
| samsung | exynos_w1000 | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-284 | The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-48025 is an improper access control vulnerability in the log file handling within the WiFi driver component of several Samsung Exynos processors. It involves insufficient restrictions on access to log files, which could allow unauthorized users to access or manipulate these files. [2]
How can this vulnerability impact me? :
This vulnerability could allow unauthorized access or manipulation of log files related to the WiFi driver on affected Samsung Exynos processors. Such unauthorized access might lead to exposure of sensitive information or potential disruption of device functionality. [2]
What immediate steps should I take to mitigate this vulnerability?
No specific mitigation steps or patched versions are provided in the available information. It is recommended to monitor official Samsung Semiconductor security updates for any released patches or guidance. [2]