CVE-2026-25204
Analyzed Analyzed - Analysis Complete
Deserialization Vulnerability in Samsung Escarogt Causes DoS

Publication date: 2026-04-13

Last updated on: 2026-06-02

Assigner: Samsung TV & Appliance

Description
Deserialization of untrusted data vulnerability in Samsung Open Source Escargot Java Script allows denial of service condition via process abort. This issue affects escarogt prior toΒ commit hash 97e8115ab1110bc502b4b5e4a0c689a71520d335
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-04-13
Last Modified
2026-06-02
Generated
2026-06-16
AI Q&A
2026-04-13
EPSS Evaluated
2026-06-15
NVD
CVE-2026-25204
EUVD
EUVD-2026-21762
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
samsung escargot to 2026-03-28 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-502 The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid.
CWE-843 The product allocates or initializes a resource such as a pointer, object, or variable using one type, but it later accesses that resource using a type that is incompatible with the original type.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2026-25204 is a vulnerability in the Samsung Open Source Escargot JavaScript engine caused by deserialization of untrusted data. This flaw can lead to a denial of service condition by causing the process to abort unexpectedly.

The issue arises from unsafe deserialization practices that may result in invalid pointer dereferences and crashes. The vulnerability was addressed by improving serialization and exception handling mechanisms to prevent such unsafe operations.

Impact Analysis

This vulnerability can cause denial of service by aborting the process running the Escargot JavaScript engine. This means that applications or systems using this engine could unexpectedly crash or become unavailable.

While it does not impact confidentiality or integrity, the availability impact (CVSS score 6.2) could disrupt services relying on this engine, potentially leading to downtime or degraded user experience.

Detection Guidance

This vulnerability involves deserialization of untrusted data causing denial of service via process abort in the Samsung Escarogt JavaScript engine. Detection would focus on monitoring for abnormal process aborts or crashes related to the Escarogt engine.

Since the issue is internal to the Escarogt engine's handling of serialization and deserialization, there are no specific network commands or signatures provided to detect exploitation attempts.

To detect potential exploitation, you can monitor system logs for process aborts or crashes of applications using the Escarogt engine.

  • Use system logs (e.g., journalctl on Linux) to check for abnormal termination of Escarogt-related processes.
  • Run commands like `ps` or `top` to monitor Escarogt process status and look for unexpected exits.
  • Use debugging or crash dump tools to analyze any core dumps generated by Escarogt process aborts.
Mitigation Strategies

The primary mitigation is to update the Samsung Escarogt JavaScript engine to the fixed version that includes the patch set merged in commit hash 97e8115ab1110bc502b4b5e4a0c689a71520d335 or later.

This update addresses unsafe deserialization, exception handling, and stack trace management issues that could cause process aborts.

Until the update can be applied, avoid processing untrusted serialized data with the Escarogt engine to reduce risk of denial of service.

Compliance Impact

The provided information does not specify any direct impact of this vulnerability on compliance with common standards and regulations such as GDPR or HIPAA.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-25204. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart