CVE-2025-59439
Published: 03 February 2026
Summary
CVE-2025-59439 is a high-severity Uncontrolled Resource Consumption (CWE-400) vulnerability in Samsung Exynos 990 Firmware. Its CVSS base score is 7.5 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Application or System Exploitation (T1499.004). The CVE is ranked at the 13.5th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SC-5 (Denial-of-service Protection) and SI-10 (Information Input Validation).
Deeper analysis
CVE-2025-59439 is a vulnerability affecting Samsung's Exynos mobile processors, wearable processors, and modems, specifically the Exynos 980, 990, 850, 1080, 9110, W920, W930, W1000, and Modem 5123 models. The flaw arises from incorrect handling of NAS Registration messages, resulting in a denial of service due to improper handling of exceptional conditions; it is classified under CWE-400. Published on 2026-02-03, it carries a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H), indicating high severity primarily due to its impact on availability.
A remote, unauthenticated attacker can exploit this vulnerability over the network with low attack complexity and no user interaction required. By sending malformed NAS Registration messages to affected devices, the attacker triggers exceptional conditions that lead to denial of service, such as device crashes or resource exhaustion, without compromising confidentiality or integrity.
Samsung Semiconductor has published product security updates addressing CVE-2025-59439, available at https://semiconductor.samsung.com/support/quality-support/product-security-updates/ and https://semiconductor.samsung.com/support/quality-support/product-security-updates/cve-2025-59439/. Security practitioners should consult these advisories for patching guidance and verify firmware updates on impacted Samsung devices.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-206709
Vulnerability details
An issue was discovered in Samsung Mobile Processor, Wearable Processor and Modem Exynos 980, 990, 850, 1080, 9110, W920, W930, W1000 and Modem 5123. Incorrect handling of NAS Registration messages leads to a Denial of Service because of Improper Handling of Exceptional Conditions.
- CWE(s)
Related Threats
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Malformed NAS messages enable remote exploitation of the endpoint to trigger crashes/resource exhaustion (DoS).
CVEs Like This One
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5)
Directly addresses improper handling of exceptional conditions in NAS Registration message processing to prevent denial of service crashes or resource exhaustion.
Enforces validation of incoming NAS Registration messages to reject malformed inputs that trigger exceptional conditions leading to DoS.
Provides architectural and software protections against network-based denial-of-service attacks exploiting malformed NAS messages on affected Exynos processors and modems.