CVE-2025-49495
BaseFortify
Publication date: 2026-01-05
Last updated on: 2026-01-09
Assigner: MITRE
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| samsung | exynos_1380_firmware | * |
| samsung | exynos_1380 | * |
| samsung | exynos_1480_firmware | * |
| samsung | exynos_1480 | * |
| samsung | exynos_1580_firmware | * |
| samsung | exynos_1580 | * |
| samsung | exynos_2400_firmware | * |
| samsung | exynos_2400 | * |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-120 | The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a buffer overflow issue in the WiFi driver of Samsung Exynos processors (1380, 1480, 2400, 1580). It occurs due to improper handling of an NL80211 vendor command, which can be exploited by an attacker to cause unexpected behavior in the system. [1]
How can this vulnerability impact me?
The vulnerability can allow an attacker to exploit the buffer overflow to execute unauthorized code or compromise the system, potentially leading to loss of control over the device or unauthorized access. [1]
What immediate steps should I take to mitigate this vulnerability?
Details about patched versions or mitigation steps were not provided in the available resources, so no specific immediate mitigation steps can be suggested. [1]