CVE-2025-62818
Received Received - Intake
Out-of-Bounds Write in Samsung Exynos Processors via SMS Packet

Publication date: 2026-04-07

Last updated on: 2026-04-13

Assigner: MITRE

Description
An issue was discovered in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 980, 990, 850, 1080, 2100, 1280, 2200, 1330, 1380, 1480, 2400, 1580, 2500, 9110, W920, W930, W1000, Modem 5123, Modem 5300, and Modem 5400. An out-of-bounds write occurs due to a mismatch between the TP-UDHI and UDL values when processing an SMS TP-UD packet.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-04-07
Last Modified
2026-04-13
Generated
2026-06-16
AI Q&A
2026-04-07
EPSS Evaluated
2026-06-14
NVD
CVE-2025-62818
EUVD
EUVD-2025-209268
Affected Vendors & Products
Showing 20 associated CPEs
Vendor Product Version / Range
samsung exynos_990_firmware *
samsung exynos_980_firmware *
samsung exynos_850_firmware *
samsung exynos_1080_firmware *
samsung exynos_1280_firmware *
samsung exynos_1330_firmware *
samsung exynos_1380_firmware *
samsung exynos_1480_firmware *
samsung exynos_1580_firmware *
samsung exynos_9110_firmware *
samsung exynos_2100_firmware *
samsung exynos_2200_firmware *
samsung exynos_2400_firmware *
samsung exynos_2500_firmware *
samsung exynos_w930_firmware *
samsung exynos_w920_firmware *
samsung exynos_w1000_firmware *
samsung exynos_modem_5400_firmware *
samsung exynos_modem_5300_firmware *
samsung exynos_modem_5123_firmware *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-787 The product writes data past the end, or before the beginning, of the intended buffer.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2025-62818 is a medium-severity vulnerability affecting Samsung Exynos processors and modems. It occurs due to an out-of-bounds write caused by a mismatch between the TP-UDHI (Transport Protocol User Data Header Indicator) and UDL (User Data Length) values when processing SMS TP-UD (Transport Protocol User Data) packets. This mismatch leads to improper handling of SMS data, which can cause memory corruption.

Impact Analysis

The vulnerability can lead to memory corruption in affected Samsung Exynos processors and modems when processing specially crafted SMS messages. This memory corruption could potentially be exploited to cause unexpected behavior, crashes, or possibly allow an attacker to execute arbitrary code, impacting the stability and security of the device.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-62818. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart