Cyber Resilience

CVE-2025-59439

HighDDoS

Published: 03 February 2026

Published
03 February 2026
Modified
05 February 2026
KEV Added
Patch
CVSS Score v3.1 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS Score 0.0004 13.5th percentile
Risk Priority 15 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-59439 is a high-severity Uncontrolled Resource Consumption (CWE-400) vulnerability in Samsung Exynos 990 Firmware. Its CVSS base score is 7.5 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Application or System Exploitation (T1499.004); ranked at the 13.5th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SC-5 (Denial-of-service Protection) and SI-10 (Information Input Validation).

Deeper analysis

CVE-2025-59439 is a vulnerability affecting Samsung's Exynos mobile processors, wearable processors, and modems, specifically the Exynos 980, 990, 850, 1080, 9110, W920, W930, W1000, and Modem 5123 models. The flaw arises from incorrect handling of NAS Registration messages, resulting in a denial of service due to improper handling of exceptional conditions (CWE-400). Published on 2026-02-03, it carries a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H), indicating high severity primarily due to its impact on availability.

A remote, unauthenticated attacker can exploit this vulnerability over the network with low attack complexity and no user interaction required. By sending malformed NAS Registration messages to affected devices, the attacker triggers exceptional conditions that lead to denial of service, such as device crashes or resource exhaustion, without compromising confidentiality or integrity.

Samsung Semiconductor has published product security updates addressing CVE-2025-59439, available at https://semiconductor.samsung.com/support/quality-support/product-security-updates/ and https://semiconductor.samsung.com/support/quality-support/product-security-updates/cve-2025-59439/. Security practitioners should consult these advisories for patching guidance and verify firmware updates on impacted Samsung devices.

EU & UK References

Vulnerability details

An issue was discovered in Samsung Mobile Processor, Wearable Processor and Modem Exynos 980, 990, 850, 1080, 9110, W920, W930, W1000 and Modem 5123. Incorrect handling of NAS Registration messages leads to a Denial of Service because of Improper Handling…

more

of Exceptional Conditions.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1499.004 Application or System Exploitation Impact
Adversaries may exploit software vulnerabilities that can cause an application or system to crash and deny availability to users.
Why these techniques?

Malformed NAS messages enable remote exploitation of the endpoint to trigger crashes/resource exhaustion (DoS).

Confidence: MEDIUM · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2025-43706Same product: Samsung Exynos 1080
CVE-2025-59440Same product: Samsung Exynos 1080
CVE-2025-58349Same product: Samsung Exynos 1080
CVE-2025-54324Same product: Samsung Exynos 1080
CVE-2024-46923Same vendor: Samsung
CVE-2024-50600Same product: Samsung Exynos 1080
CVE-2024-52923Same product: Samsung Exynos 1080
CVE-2025-57835Same product: Samsung Exynos 1080
CVE-2024-52924Same product: Samsung Exynos 1080
CVE-2025-57834Same product: Samsung Exynos 1080

Affected Assets

samsung
exynos 990 firmware
all versions
samsung
exynos 980 firmware
all versions
samsung
exynos 9110 firmware
all versions
samsung
exynos 1080 firmware
all versions
samsung
exynos w930 firmware
all versions
samsung
exynos w920 firmware
all versions
samsung
exynos w1000 firmware
all versions
samsung
exynos modem 5123 firmware
all versions
samsung
exynos 850 firmware
all versions

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly addresses improper handling of exceptional conditions in NAS Registration message processing to prevent denial of service crashes or resource exhaustion.

prevent

Enforces validation of incoming NAS Registration messages to reject malformed inputs that trigger exceptional conditions leading to DoS.

prevent

Provides architectural and software protections against network-based denial-of-service attacks exploiting malformed NAS messages on affected Exynos processors and modems.

References