CVE-2025-53078
Published: 29 July 2025
Summary
CVE-2025-53078 is a high-severity Deserialization of Untrusted Data (CWE-502) vulnerability in Samsung Data Management Server Firmware. Its CVSS base score is 8.0 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks in the top 21.2% of CVEs by exploit likelihood and is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).
Deeper analysis
The vulnerability CVE-2025-53078 is a deserialization of untrusted data flaw (CWE-502) in Samsung DMS (Data Management Server). It permits attackers to execute arbitrary code on the affected system through unauthorized file writes.
Exploitation is possible over the network by an attacker with high privileges, though the attack carries high complexity and requires no user interaction. Successful exploitation yields high impact to confidentiality, integrity, and availability, along with a changed scope.
Samsung has published security updates and related guidance at https://security.samsungda.com/securityUpdates.html. The EPSS score is flat: its peak and current values are both 0.0114, with no material rise observed.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-22975
Vulnerability details
Deserialization of Untrusted Data in Samsung DMS (Data Management Server) allows attackers to execute arbitrary code by writing a file to the system.
Related Threats
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Deserialization RCE on a network-accessible DMS server directly enables remote exploitation of a public-facing application for arbitrary code execution.
Mitigating Controls
Mitigating Controls (NIST 800-53 r5)
- Directly mitigates the CVE by requiring identification, reporting, and correction of the deserialization flaw through vendor patches from Samsung advisories.
- Prevents deserialization of untrusted data by validating information inputs at defined points to block malicious serialized payloads.
- Protects system memory from unauthorized code execution resulting from deserialization exploits via safeguards like DEP and ASLR.