CVE-2025-58349
Published: 06 April 2026
Summary
CVE-2025-58349 is a critical-severity Uncontrolled Resource Consumption (CWE-400) vulnerability in Samsung Exynos 990 Firmware. Its CVSS base score is 9.1 (Critical).
Operationally, exploitation aligns with the MITRE ATT&CK technique Application or System Exploitation (T1499.004); ranked at the 17.5th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SC-5 (Denial-of-service Protection) and SI-10 (Information Input Validation).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Directly protects against denial-of-service attacks exploiting resource exhaustion from malformed LTE MAC packets with excessive Control Elements causing baseband crashes.
Validates LTE MAC packet inputs to prevent crashes from incorrect handling of packets containing many MAC Control Elements.
Remediates the specific flaw in baseband L2 layer handling through timely application of vendor security updates for affected Exynos processors and modems.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
CVE enables remote exploitation of LTE baseband via crafted MAC packets leading to crashes and DoS (CWE-400 resource consumption), directly matching application/system exploitation for endpoint denial of service.
NVD Description
An issue was discovered in L2 in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 980, 990, 850, 1080, 2100, 1280, 2200, 1330, 1380, 1480, 2400, 1580, 2500, 9110, W920, W930, W1000, Modem 5123, Modem 5300, and Modem 5400. Incorrect…
more
handling of LTE MAC packets containing many MAC Control Elements (CEs) leads to baseband crashes.
Deeper analysisAI
CVE-2025-58349 is a vulnerability affecting the L2 layer in Samsung Mobile Processor, Wearable Processor, and Modem components, specifically Exynos 980, 990, 850, 1080, 2100, 1280, 2200, 1330, 1380, 1480, 2400, 1580, 2500, 9110, W920, W930, W1000, Modem 5123, Modem 5300, and Modem 5400. The flaw arises from incorrect handling of LTE MAC packets containing many MAC Control Elements (CEs), resulting in baseband crashes. It carries a CVSS v3.1 base score of 9.1 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H) and maps to CWE-400 (Uncontrolled Resource Consumption). The vulnerability was published on 2026-04-06.
A remote network-based attacker can exploit this issue without privileges or user interaction by transmitting specially crafted LTE MAC packets overloaded with CEs. The low attack complexity enables denial-of-service via baseband crashes, with high impacts on confidentiality and availability but no integrity impact, as indicated by the CVSS metrics.
Samsung provides mitigation through product security updates documented on their support site at https://semiconductor.samsung.com/support/quality-support/product-security-updates/ and the dedicated CVE page at https://semiconductor.samsung.com/support/quality-support/product-security-updates/cve-2025-58349/.
Details
- CWE(s)