Cyber Resilience

CVE-2025-62814

Severity: High

Published: 03 March 2026
Modified: 04 March 2026
KEV Added: not listed
Patch: Samsung security updates published (see Deeper analysis)
CVSS v3.1: 7.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
EPSS: 0.0007 (20.5th percentile)
Risk Priority: 15 (weighting: 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2025-62814 is a high-severity NULL Pointer Dereference (CWE-476) vulnerability in Samsung Exynos 1280 Firmware. Its CVSS base score is 7.5 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Application or System Exploitation (T1499.004). Its exploit likelihood ranks at the 20.5th percentile (below the median), and it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SC-5 (Denial-of-service Protection) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2025-62814 is a NULL pointer dereference vulnerability (CWE-476) discovered in Samsung Mobile Processor Exynos 1280, 2200, 1380, 1480, and 2400. The issue occurs in the load_fw_utc_vector() function when dereferencing a NULL ft_handle, resulting in a denial of service. It was published on 2026-03-03 with a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H), indicating high severity due to its potential for significant availability impact.

The vulnerability can be exploited remotely over the network by unauthenticated attackers with low complexity and no user interaction required. Successful exploitation leads to a denial of service, disrupting system availability without affecting confidentiality or integrity.

Samsung Semiconductor has published product security updates addressing this issue, available at https://semiconductor.samsung.com/support/quality-support/product-security-updates/ and the dedicated CVE page at https://semiconductor.samsung.com/support/quality-support/product-security-updates/cve-2025-62814/. Security practitioners should consult these advisories for mitigation details and patching guidance specific to affected Exynos processors.

Vulnerability details

An issue was discovered in Samsung Mobile Processor Exynos 1280, 2200, 1380, 1480, and 2400. A NULL pointer dereference of ft_handle in load_fw_utc_vector() causes a denial of service.

Related Threats

MITRE ATT&CK Enterprise Techniques (AI-mapped)

T1499.004 Application or System Exploitation (tactic: Impact)
Adversaries may exploit software vulnerabilities that can cause an application or system to crash and deny availability to users.
Why these techniques?

NULL pointer dereference enables remote exploitation leading to system crash and denial of service (T1499.004 Application or System Exploitation).

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2025-62817 (same product: Samsung Exynos 1280)
CVE-2024-46922 (same product: Samsung Exynos 1480)
CVE-2024-46923 (same product: Samsung Exynos 1480)
CVE-2025-59440 (same product: Samsung Exynos 1280)
CVE-2024-52923 (same product: Samsung Exynos 1280)
CVE-2024-52924 (same product: Samsung Exynos 1280)
CVE-2025-58349 (same product: Samsung Exynos 1280)
CVE-2024-50600 (same product: Samsung Exynos 1280)
CVE-2025-57835 (same product: Samsung Exynos 1280)
CVE-2025-57834 (same product: Samsung Exynos 1280)

Affected Assets

samsung exynos 1280 firmware: all versions
samsung exynos 1380 firmware: all versions
samsung exynos 1480 firmware: all versions
samsung exynos 2200 firmware: all versions
samsung exynos 2400 firmware: all versions

Mitigating Controls

Mitigating Controls (NIST 800-53 r5, AI-mapped)

Prevent, SI-2 (Flaw Remediation): Directly mandates timely remediation of the NULL pointer dereference flaw in Exynos processors via Samsung's published security updates to prevent DoS exploitation.

Prevent, SC-5 (Denial-of-service Protection): Implements denial-of-service protections tailored to block remote, unauthenticated network attacks triggering the NULL pointer dereference crash.

Prevent, error handling: Requires error handling logic that checks for NULL pointers like ft_handle before dereference in firmware loading to avoid availability impacts.
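The error-handling control above is the CWE-476 pattern in one place: a loader that trusts its handle pointer faults when that pointer is NULL, and on firmware that fault is an availability loss. The C below is an added illustration written for this page, not Samsung's code; the record does not show the real load_fw_utc_vector() or the ft_handle type, so the struct layout, the 16-byte vector length, the return codes and the sample table are all constructed assumptions. It places the unchecked pattern beside a hardened loader that validates the handle, its data pointer and both lengths before copying, and returns a distinct error code for each rejected case.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical firmware-table handle for illustration only; this is not
 * Samsung's real ft_handle definition, which the advisory does not show. */
typedef struct {
    const uint8_t *data;   /* backing bytes of the firmware table */
    size_t len;            /* number of valid bytes behind data */
} ft_handle_t;

#define FW_UTC_VECTOR_LEN 16  /* assumed vector size (constructed) */

/* Unhardened pattern matching CWE-476: the handle is dereferenced with no
 * NULL check, so a NULL ft_handle faults and takes the loader down (DoS). */
int load_fw_utc_vector_unchecked(const ft_handle_t *ft_handle, uint8_t *out)
{
    memcpy(out, ft_handle->data, FW_UTC_VECTOR_LEN); /* faults if ft_handle is NULL */
    return 0;
}

/* Hardened pattern: every pointer and length is validated before use, and the
 * caller receives an error code instead of a crash. Return codes are constructed. */
int load_fw_utc_vector_checked(const ft_handle_t *ft_handle, uint8_t *out, size_t out_len)
{
    if (ft_handle == NULL || out == NULL)
        return -1;  /* NULL handle or destination: refuse rather than dereference */
    if (ft_handle->data == NULL)
        return -2;  /* handle exists but carries no table data */
    if (ft_handle->len < FW_UTC_VECTOR_LEN || out_len < FW_UTC_VECTOR_LEN)
        return -3;  /* short table or short destination would over-read / over-write */
    memcpy(out, ft_handle->data, FW_UTC_VECTOR_LEN);
    return 0;
}

/* Constructed sample firmware table: 32 bytes, the first 16 form the "vector". */
static const uint8_t sample_table[32] = {
    0xA5, 0x5A, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06,
    0x07, 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E
    /* remaining 16 bytes are zero-initialised */
};

/* Drives the hardened loader through the NULL-handle, empty-data, short-table
 * and valid cases; returns 0 when every case behaved as intended, otherwise
 * the number of the first case that misbehaved. */
int demo_checked_loader(void)
{
    uint8_t out[FW_UTC_VECTOR_LEN];
    ft_handle_t good  = { sample_table, sizeof sample_table };
    ft_handle_t empty = { NULL, 0 };
    ft_handle_t shrt  = { sample_table, 4 };

    if (load_fw_utc_vector_checked(NULL, out, sizeof out) != -1)   return 1;
    if (load_fw_utc_vector_checked(&empty, out, sizeof out) != -2) return 2;
    if (load_fw_utc_vector_checked(&shrt, out, sizeof out) != -3)  return 3;
    if (load_fw_utc_vector_checked(&good, out, sizeof out) != 0)   return 4;
    if (memcmp(out, sample_table, FW_UTC_VECTOR_LEN) != 0)         return 5;
    return 0;
}
```

The point for reviewers of firmware loaders is that the guard has to sit at the boundary where the handle enters the function, and that a rejected handle must propagate as an error the caller can act on; a check that merely logs and continues still reaches the memcpy and still crashes.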