How serious is CVE-2025-66363?

This vulnerability has a CVSS score of 7.5 out of 10, classified as HIGH severity. No public exploit code has been identified yet.

Which products are affected by CVE-2025-66363?

CVE-2025-66363 affects samsung exynos 2200 firmware. Check the full CVE details for specific version information.

How do I fix CVE-2025-66363?

To remediate CVE-2025-66363, check for security patches from samsung. Apply all available updates and security patches. If no patch is available, implement recommended workarounds or security controls to mitigate the risk.

CVE-2025-66363

High

|7.5

No Exploit

Plain English Summary

AI-powered analysis for quick understanding

This vulnerability allows an attacker to potentially exploit uninitialized memory in the Exynos 2200 processor, which could lead to unauthorized access or manipulation of sensitive data. To take advantage of this flaw, the attacker would need to send specially crafted messages to the device's network services.

Technical Description

An issue was discovered in LBS in Samsung Mobile Processor Exynos 2200. There was no check for memory initialization within DL NAS Transport messages.

CVSS Vector Analysis

Attack VectorNetwork

Attack ComplexityLow

Privileges RequiredNone

User InteractionNone

Confidentiality ImpactNone

Integrity ImpactNone

Availability ImpactHigh

ScopeUnchanged

Vector String

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Exploit Resources

Search for proof-of-concept code and exploit modules

GitHub Search Exploit-DB Nuclei Templates Metasploit Vulners

Official References

NIST NVD

Est. Bounty

$2,053($1K-$5K)

Vendor Response

Grade APatched in 1 day

Quick Information

Published

Mar 3, 2026

about 1 month ago

Last Modified

Mar 4, 2026

about 1 month ago

Vendor

samsung

Product

exynos 2200 firmware

Related Vulnerabilities

CVE-2025-62817High

This vulnerability allows an attacker to crash devices using the Exynos 1280 processor, leading to a denial of service, which means users will be unable to use their devices. It occurs when the device tries to process certain data but encounters a programming error, specifically when a required piece of information is missing.

CVE-2025-62816Medium

This vulnerability allows an attacker to cause the affected Samsung mobile processors to crash, leading to a denial of service, which means the device can become unresponsive. To exploit this, the attacker needs to send specially crafted input to the device's boot-up process without proper validation.

CVE-2025-62815Medium

This vulnerability allows an attacker to crash devices using the Exynos 1380 processor, leading to a denial of service where the device becomes unresponsive. It occurs when the system tries to manage CPU resources but encounters a programming error, which can happen under certain conditions during operation.

CVE-2025-62814High

This vulnerability allows an attacker to crash devices using the Samsung Exynos 1280 processor, leading to a denial of service where the device becomes unresponsive. It occurs when the firmware tries to access a part of memory that isn't properly set up, which can happen under certain conditions during firmware loading.