CVE-2025-66363
Published: 03 March 2026
Summary
CVE-2025-66363 is a high-severity Improper Initialization (CWE-665) vulnerability in Samsung Exynos 2200 Firmware. Its CVSS base score is 7.5 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Application or System Exploitation (T1499.004); ranked at the 20.5th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SC-5 (Denial-of-service Protection) and SI-10 (Information Input Validation).
Deeper analysis
CVE-2025-66363 is a vulnerability in the LBS component of the Samsung Mobile Processor Exynos 2200, where there is no check for memory initialization within DL NAS Transport messages. Published on 2026-03-03, this issue falls under CWE-665 (Improper Initialization) and carries a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).
The vulnerability enables remote exploitation over the network with low complexity, requiring no privileges, user interaction, or authentication. Attackers can trigger it to cause high-impact denial of service, such as system crashes or resource exhaustion due to uninitialized memory handling in DL NAS Transport messages.
Samsung provides mitigation details through their product security updates portal at https://semiconductor.samsung.com/support/quality-support/product-security-updates/ and the dedicated CVE page at https://semiconductor.samsung.com/support/quality-support/product-security-updates/cve-2025-66363/. Security practitioners should consult these resources for patch availability and deployment guidance on affected Exynos 2200 devices.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-208236
Vulnerability details
An issue was discovered in LBS in Samsung Mobile Processor Exynos 2200. There was no check for memory initialization within DL NAS Transport messages.
- CWE(s)
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Remote network message exploitation of improper memory initialization directly enables application/system DoS via crash or resource exhaustion (T1499.004).
CVEs Like This One
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
Timely flaw remediation directly addresses the improper memory initialization check in Exynos 2200 LBS by applying vendor patches to prevent remote DoS exploitation.
Information input validation on DL NAS Transport messages enforces checks for proper memory initialization, preventing crashes from uninitialized memory handling.
Denial-of-service protection at network entry points mitigates the high availability impact of remote exploitation causing system crashes or resource exhaustion.