CVE-2025-57834
Published: 06 April 2026
Summary
CVE-2025-57834 is a high-severity Improper Input Validation (CWE-20) vulnerability in Samsung Exynos 980 Firmware. Its CVSS base score is 7.5 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Application or System Exploitation (T1499.004). The CVE ranks at the 32.3rd percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SC-5 (Denial-of-service Protection) and SI-10 (Information Input Validation).
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)
Directly mandates input validation at critical system points, addressing the absence of proper input validation that enables this remote DoS vulnerability.
Provides specific protections against denial-of-service events, mitigating the high availability impact from exploitation of this input validation flaw.
Requires timely identification, reporting, and correction of system flaws like this CVE, enabling patching of the vulnerable processors and modems.
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Improper input validation (CWE-20) in network-reachable modem/processor components directly enables remote adversaries to trigger crashes and high-impact DoS via crafted input, matching application/system exploitation for availability impact.
NVD Description
An issue was discovered in Samsung Mobile Processor, Wearable Processor, and Modem (Exynos 980, 850, 990, 1080, 2100, 1280, 2200, 1330, 1380, 1480, 2400, 1580, 2500, 1680, 9110, W920, W930, W1000, Modem 5123, Modem 5300, Modem 5400, and Modem 5410). The absence of proper input validation leads to a Denial of Service.
Deeper analysis
CVE-2025-57834 is a vulnerability discovered in Samsung Mobile Processor, Wearable Processor, and Modem components, specifically affecting Exynos 980, 850, 990, 1080, 2100, 1280, 2200, 1330, 1380, 1480, 2400, 1580, 2500, 1680, 9110, W920, W930, W1000, Modem 5123, Modem 5300, Modem 5400, and Modem 5410. The issue arises from the absence of proper input validation, classified under CWE-20, which enables a Denial of Service condition. It has a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) and was published on 2026-04-06.
The vulnerability can be exploited by remote attackers over the network with low attack complexity, no privileges, and no user interaction; the impact scope is unchanged. Successful exploitation results in high availability impact through denial of service, with no effect on confidentiality or integrity.
Samsung's product security updates are available at https://semiconductor.samsung.com/support/quality-support/product-security-updates/, with an additional reference at https://semiconductor.samsung.com/support/quality-support/product-security-updates/cve-2025-54328/.
Details
- CWE(s)