CVE-2025-66363
Uninitialized Memory Use in Exynos 2200 DL NAS Transport
Publication date: 2026-03-03
Last updated on: 2026-03-04
Assigner: MITRE
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| samsung | exynos_2200_firmware | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-665 | The product does not initialize or incorrectly initializes a resource, which might leave the resource in an unexpected state when it is accessed or used. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-66363 is a medium-severity vulnerability found in the Location Based Services (LBS) component of the Samsung Exynos 2200 processor.
The issue occurs because there is no check for memory initialization within Downlink (DL) NAS Transport messages, which means the system does not verify if the memory used in processing these messages is properly initialized.
This lack of verification can lead to improper handling of these messages.
How can this vulnerability impact me? :
The vulnerability can potentially cause improper handling of Downlink NAS Transport messages due to uninitialized memory usage.
While specific exploitation methods or impacts are not detailed, such improper handling could lead to unexpected behavior or security issues within devices using the Exynos 2200 processor.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
I don't know
What immediate steps should I take to mitigate this vulnerability?
I don't know