CVE-2025-62814
Published: 03 March 2026
Summary
CVE-2025-62814 is a high-severity NULL Pointer Dereference (CWE-476) vulnerability in Samsung Exynos 1280 Firmware. Its CVSS base score is 7.5 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Application or System Exploitation (T1499.004). The vulnerability is ranked at the 20.5th percentile by exploit likelihood (below the median), and it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SC-5 (Denial-of-service Protection) and SI-2 (Flaw Remediation).
Deeper analysis
CVE-2025-62814 is a NULL pointer dereference vulnerability (CWE-476) discovered in Samsung Mobile Processor Exynos 1280, 2200, 1380, 1480, and 2400. The issue occurs in the load_fw_utc_vector() function, which dereferences ft_handle without first checking it for NULL; when the handle is NULL, the dereference crashes the component and results in a denial of service. It was published on 2026-03-03 with a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H); the high severity comes entirely from the availability impact, since the vector records no confidentiality or integrity impact.
Per the vector, the vulnerability can be triggered remotely over the network by an unauthenticated attacker, with low attack complexity and no user interaction required. Successful exploitation leads to a denial of service, disrupting system availability without affecting confidentiality or integrity.
Samsung Semiconductor has published product security updates addressing this issue, available at https://semiconductor.samsung.com/support/quality-support/product-security-updates/ and the dedicated CVE page at https://semiconductor.samsung.com/support/quality-support/product-security-updates/cve-2025-62814/. Security practitioners should consult these advisories for mitigation details and patching guidance specific to affected Exynos processors.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-208234
Vulnerability details
An issue was discovered in Samsung Mobile Processor Exynos 1280, 2200, 1380, 1480, and 2400. A NULL pointer dereference of ft_handle in load_fw_utc_vector() causes a denial of service.
- CWE(s): CWE-476 (NULL Pointer Dereference)
Related Threats
MITRE ATT&CK Enterprise Techniques
Why these techniques?
A remotely triggerable NULL pointer dereference crashes the affected component, producing a denial of service, which maps to T1499.004 (Application or System Exploitation).
Mitigating Controls (NIST 800-53 r5)
- SI-2 (Flaw Remediation): Directly mandates timely remediation of the NULL pointer dereference flaw in Exynos processors via Samsung's published security updates to prevent DoS exploitation.
- SC-5 (Denial-of-service Protection): Implements denial-of-service protections tailored to block remote, unauthenticated network attacks that trigger the NULL pointer dereference crash.
- Error handling: Requires error handling logic that checks pointers such as ft_handle for NULL before dereferencing them during firmware loading, so that a missing handle is rejected gracefully instead of crashing the component.