CVE-2025-66369
Denial of Service in Samsung Exynos 5G Modem
Publication date: 2026-05-05
Last updated on: 2026-05-06
Assigner: MITRE
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| samsung | exynos_980 | * |
| samsung | exynos_990 | * |
| samsung | exynos_850 | * |
| samsung | exynos_2100 | * |
| samsung | exynos_1280 | * |
| samsung | exynos_2200 | * |
| samsung | exynos_1330 | * |
| samsung | exynos_1380 | * |
| samsung | exynos_1480 | * |
| samsung | exynos_2400 | * |
| samsung | exynos_1580 | * |
| samsung | exynos_2500 | * |
| samsung | w920 | * |
| samsung | w930 | * |
| samsung | w1000 | * |
| samsung | modem_5123 | * |
| samsung | modem_5300 | * |
| samsung | modem_5400 | * |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-770 | The product allocates a reusable resource or group of resources on behalf of an actor without imposing any intended restrictions on the size or number of resources that can be allocated. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability affects multiple Samsung Exynos and Modem chipsets. It is caused by incorrect handling of 5G NR NAS registration accept messages within the Modem Management (MM) module. This improper handling can lead to a Denial of Service (DoS) condition, meaning the affected device or component may become unresponsive or fail to operate correctly.
How can this vulnerability impact me?
The vulnerability can cause a Denial of Service (DoS) condition on devices using the affected Samsung Exynos and Modem chipsets. This means that the device's modem functionality could be disrupted, potentially leading to loss of network connectivity or degraded performance in 5G communications.
What immediate steps should I take to mitigate this vulnerability?
The vulnerability involves incorrect handling of 5G NR NAS registration accept messages in Samsung Exynos and Modem chipsets, leading to a Denial of Service condition.
To mitigate this vulnerability, it is recommended to apply any security updates or patches provided by Samsung for the affected chipsets and modules.
Monitoring official Samsung semiconductor security update channels for patches addressing CVE-2025-66369 is advised.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
The provided information does not specify any impact of this vulnerability on compliance with common standards and regulations such as GDPR or HIPAA.