CVE-2025-62814

High

Published: 03 March 2026

Modified: 04 March 2026
KEV Added
Patch
CVSS Score: 7.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
EPSS Score: 0.0007 (20.2th percentile)
Risk Priority: 15 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2025-62814 is a high-severity NULL Pointer Dereference (CWE-476) vulnerability in Samsung Exynos 1280 Firmware. Its CVSS base score is 7.5 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Application or System Exploitation (T1499.004). The CVE ranks at the 20.2th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.

Threat & Defense at a Glance

What attackers do: exploitation maps to Application or System Exploitation (T1499.004).

Threat & Defense Details

MITRE ATT&CK Enterprise Techniques

T1499.004 Application or System Exploitation (Tactic: Impact)
Adversaries may exploit software vulnerabilities that can cause an application or system to crash and deny availability to users.

Why these techniques?

NULL pointer dereference enables remote exploitation leading to system crash and denial of service (T1499.004 Application or System Exploitation).

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

NVD Description

An issue was discovered in Samsung Mobile Processor Exynos 1280, 2200, 1380, 1480, and 2400. A NULL pointer dereference of ft_handle in load_fw_utc_vector() causes a denial of service.

Deeper analysis

CVE-2025-62814 is a NULL pointer dereference vulnerability (CWE-476) discovered in Samsung Mobile Processor Exynos 1280, 2200, 1380, 1480, and 2400. The issue occurs in the load_fw_utc_vector() function when dereferencing a NULL ft_handle, resulting in a denial of service. It was published on 2026-03-03 with a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H), indicating high severity due to its potential for significant availability impact.

The vulnerability can be exploited remotely over the network by unauthenticated attackers with low complexity and no user interaction required. Successful exploitation leads to a denial of service, disrupting system availability without affecting confidentiality or integrity.

Samsung Semiconductor has published product security updates addressing this issue, available at https://semiconductor.samsung.com/support/quality-support/product-security-updates/ and the dedicated CVE page at https://semiconductor.samsung.com/support/quality-support/product-security-updates/cve-2025-62814/. Security practitioners should consult these advisories for mitigation details and patching guidance specific to affected Exynos processors.

Details

CWE(s)

CWE-476 (NULL Pointer Dereference)

Affected Products

samsung exynos 1280 firmware, all versions
samsung exynos 1380 firmware, all versions
samsung exynos 1480 firmware, all versions
samsung exynos 2200 firmware, all versions
samsung exynos 2400 firmware, all versions

CVEs Like This One

CVE-2025-62817 (same product: Samsung Exynos 1280)
CVE-2024-46922 (same product: Samsung Exynos 1480)
CVE-2025-57835 (same product: Samsung Exynos 1280)
CVE-2024-52924 (same product: Samsung Exynos 1280)
CVE-2025-58349 (same product: Samsung Exynos 1280)
CVE-2025-59440 (same product: Samsung Exynos 1280)
CVE-2024-52923 (same product: Samsung Exynos 1280)
CVE-2024-50600 (same product: Samsung Exynos 1280)
CVE-2025-57834 (same product: Samsung Exynos 1280)
CVE-2025-66363 (same product: Samsung Exynos 2200)
