CVE-2025-54324
Published: 06 April 2026
Summary
CVE-2025-54324 is a high-severity Uncontrolled Resource Consumption (CWE-400) vulnerability in Samsung Exynos 990 Firmware. Its CVSS base score is 7.5 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Network Denial of Service (T1498). The CVE ranks at the 19.3th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SC-5 (Denial-of-service Protection) and SI-10 (Information Input Validation).
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)
Applying Samsung's published security updates directly remediates the flaw in DL NAS Transport packet handling to prevent denial-of-service exploitation.
Denial-of-service protection mechanisms limit resource consumption triggered by specially crafted DL NAS Transport packets.
Validating incoming DL NAS Transport packets prevents uncontrolled resource consumption from malformed inputs.
MITRE ATT&CK Enterprise Techniques
Why these techniques?
A remotely delivered crafted packet triggers a resource-exhaustion DoS on affected endpoint devices.
NVD Description
An issue was discovered in NAS in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 980, 990, 850, 1080, 2100, 1280, 2200, 1330, 1380, 1480, 2400, 1580, 2500, 9110, W920, W930, W1000, Modem 5123, Modem 5300, and Modem 5400. Incorrect handling of a DL NAS Transport packet leads to a Denial of Service.
Deeper analysis
CVE-2025-54324 is a vulnerability in the Non-Access Stratum (NAS) component of various Samsung processors and modems, including Mobile Processors Exynos 980, 990, 850, 1080, 2100, 1280, 2200, 1330, 1380, 1480, 2400, 1580, 2500, and 9110; Wearable Processors W920, W930, and W1000; and Modems 5123, 5300, and 5400. The issue stems from incorrect handling of a Downlink (DL) NAS Transport packet, which can trigger a denial-of-service condition. It is rated 7.5 on the CVSS v3.1 scale (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) and maps to CWE-400 (Uncontrolled Resource Consumption). The vulnerability was published on 2026-04-06.
Attackers can exploit this vulnerability remotely over the network with low complexity, requiring no privileges or user interaction. By sending a specially crafted DL NAS Transport packet to affected devices, an unauthenticated remote attacker can cause a denial of service, disrupting availability without impacting confidentiality or integrity.
Samsung Semiconductor has published product security updates addressing this issue, available at https://semiconductor.samsung.com/support/quality-support/product-security-updates/ and the dedicated CVE page https://semiconductor.samsung.com/support/quality-support/product-security-updates/cve-2025-54324/. Security practitioners should consult these advisories for patching instructions and verify firmware updates on impacted Samsung devices.
Details
- CWE(s)