CVE-2025-66369
Deferred Deferred - Pending Action
Denial of Service in Samsung Exynos 5G Modem

Publication date: 2026-05-05

Last updated on: 2026-05-06

Assigner: MITRE

Description
An issue was discovered in MM in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 980, 990, 850, 2100, 1280, 2200, 1330, 1380, 1480, 2400, 1580, W920, W930, W1000, Modem 5123, and Modem 5300. Incorrect handling of 5G NR NAS registration accept messages leads to a Denial of Service.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-05-05
Last Modified
2026-05-06
Generated
2026-06-16
AI Q&A
2026-05-06
EPSS Evaluated
2026-06-14
NVD
CVE-2025-66369
EUVD
EUVD-2025-209645
Affected Vendors & Products
Showing 18 associated CPEs
Vendor Product Version / Range
samsung exynos_980 *
samsung exynos_990 *
samsung exynos_850 *
samsung exynos_2100 *
samsung exynos_1280 *
samsung exynos_2200 *
samsung exynos_1330 *
samsung exynos_1380 *
samsung exynos_1480 *
samsung exynos_2400 *
samsung exynos_1580 *
samsung exynos_2500 *
samsung w920 *
samsung w930 *
samsung w1000 *
samsung modem_5123 *
samsung modem_5300 *
samsung modem_5400 *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-770 The product allocates a reusable resource or group of resources on behalf of an actor without imposing any intended restrictions on the size or number of resources that can be allocated.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Compliance Impact

The provided information does not specify any impact of this vulnerability on compliance with common standards and regulations such as GDPR or HIPAA.

Executive Summary

This vulnerability affects multiple Samsung Exynos and Modem chipsets. It is caused by incorrect handling of 5G NR NAS registration accept messages within the Modem Management (MM) module. This improper handling can lead to a Denial of Service (DoS) condition, meaning the affected device or component may become unresponsive or fail to operate correctly.

Impact Analysis

The vulnerability can cause a Denial of Service (DoS) condition on devices using the affected Samsung Exynos and Modem chipsets. This means that the device's modem functionality could be disrupted, potentially leading to loss of network connectivity or degraded performance in 5G communications.

Mitigation Strategies

The vulnerability involves incorrect handling of 5G NR NAS registration accept messages in Samsung Exynos and Modem chipsets, leading to a Denial of Service condition.

To mitigate this vulnerability, it is recommended to apply any security updates or patches provided by Samsung for the affected chipsets and modules.

Monitoring official Samsung semiconductor security update channels for patches addressing CVE-2025-66369 is advised.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-66369. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart