How serious is CVE-2025-62815?

This vulnerability has a CVSS score of 5.5 out of 10, classified as MEDIUM severity. No public exploit code has been identified yet.

Which products are affected by CVE-2025-62815?

CVE-2025-62815 affects samsung exynos 1380 firmware. Check the full CVE details for specific version information.

How do I fix CVE-2025-62815?

To remediate CVE-2025-62815, check for security patches from samsung. Apply all available updates and security patches. If no patch is available, implement recommended workarounds or security controls to mitigate the risk.

CVE-2025-62815

Medium

|5.5

No Exploit

Plain English Summary

AI-powered analysis for quick understanding

This vulnerability allows an attacker to crash devices using the Exynos 1380 processor, leading to a denial of service where the device becomes unresponsive. It occurs when the system tries to manage CPU resources but encounters a programming error, which can happen under certain conditions during operation.

Technical Description

An issue was discovered in Samsung Mobile Processor Exynos 1380, 1480, 2400, 1580, and 2500. A NULL pointer dereference of npu_proto_drv.ast.thread_ref in set_cpu_affinity() causes a denial of service.

CVSS Vector Analysis

Attack VectorLocal

Attack ComplexityLow

Privileges RequiredLow

User InteractionNone

Confidentiality ImpactNone

Integrity ImpactNone

Availability ImpactHigh

ScopeUnchanged

Vector String

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Exploit Resources

Search for proof-of-concept code and exploit modules

GitHub Search Exploit-DB Nuclei Templates Metasploit Vulners

Official References

NIST NVD

Est. Bounty

$759($500-$1K)

Vendor Response

Grade APatched in 1 day

Quick Information

Published

Mar 3, 2026

about 1 month ago

Last Modified

Mar 4, 2026

about 1 month ago

Vendor

samsung

Product

exynos 1380 firmware

Related Vulnerabilities

CVE-2025-62817High

This vulnerability allows an attacker to crash devices using the Exynos 1280 processor, leading to a denial of service, which means users will be unable to use their devices. It occurs when the device tries to process certain data but encounters a programming error, specifically when a required piece of information is missing.

CVE-2025-62816Medium

This vulnerability allows an attacker to cause the affected Samsung mobile processors to crash, leading to a denial of service, which means the device can become unresponsive. To exploit this, the attacker needs to send specially crafted input to the device's boot-up process without proper validation.

CVE-2025-66363High

This vulnerability allows an attacker to potentially exploit uninitialized memory in the Exynos 2200 processor, which could lead to unauthorized access or manipulation of sensitive data. To take advantage of this flaw, the attacker would need to send specially crafted messages to the device's network services.

CVE-2025-62814High

This vulnerability allows an attacker to crash devices using the Samsung Exynos 1280 processor, leading to a denial of service where the device becomes unresponsive. It occurs when the firmware tries to access a part of memory that isn't properly set up, which can happen under certain conditions during firmware loading.