CVE-2025-27807 | Severity.io

Description

An issue was discovered in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 980, 990, 850, 1080, 2100, 1280, 2200, 1330, 1380, 1480, 2400, 1580, 9110, W920, W930, W1000, Modem 5123, Modem 5300, Modem 5400. The lack of a length check leads to out-of-bounds writes via malformed NAS packets.

Related CPE's

exynos_990_firmware

Vulnerable

exynos_980_firmware

Vulnerable

exynos_850_firmware

Vulnerable

exynos_1080_firmware

Vulnerable

exynos_2100_firmware

Vulnerable

exynos_1280_firmware

Vulnerable

exynos_2200_firmware

Vulnerable

exynos_1330_firmware

Vulnerable

exynos_1380_firmware

Vulnerable

exynos_1480_firmware

Vulnerable

exynos_1580_firmware

Vulnerable

exynos_2400_firmware

Vulnerable

exynos_9110_firmware

Vulnerable

exynos_w930_firmware

Vulnerable

exynos_w920_firmware

Vulnerable

exynos_w1000_firmware

Vulnerable

modem_5123_firmware

Vulnerable

modem_5300_firmware

Vulnerable

modem_5400_firmware

Vulnerable

References

https://semiconductor.samsung.com/support/quality-support/product-security-updates/

Vendor Advisory

https://semiconductor.samsung.com/support/quality-support/product-security-updates/cve-2025-27807/

Vendor Advisory

Weaknesses

134c704f-9b21-4f2e-91b3-4a467353bcc0

Secondary

CWE-787

CVSS impact metrics

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

9.1 · Critical

Information

Source identifier

[email protected]

Vulnerability status

Analyzed

Published

2026-01-05T19:15:55.933Z

4 days ago

Last modified

2026-01-09T14:14:39.700Z

26 hours ago