CVE-2025-27891
First published: Wed May 14 2025(Updated: )
An issue was discovered in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 980, 990, 850, 1080, 2100, 1280, 2200, 1330, 1380, 1480, 2400, 9110, W920, W930, W1000, Modem 5123, Modem 5300, and Modem 5400. The lack of a length check leads to out-of-bounds reads via malformed NAS packets.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Samsung Exynos 980 Firmware | =980 | |
| Samsung Exynos 990 (9830) | =990 | |
| Samsung Exynos 850 Firmware | =850 | |
| Samsung Exynos 1080 Firmware | =1080 | |
| Samsung Exynos 2100 firmware | =2100 | |
| Samsung Exynos 1280 Firmware | =1280 | |
| Samsung Exynos 2200 firmware | =2200 | |
| Samsung Exynos 1330 Firmware | =1330 | |
| Samsung Mobile Processor Exynos 1380 | =1380 | |
| Samsung Mobile Processor Exynos 1480 | =1480 | |
| Samsung Mobile Processor Exynos 2400 | =2400 | |
| Samsung Wearable Processor W920 | =W920 | |
| Samsung Wearable Processor W930 | =W930 | |
| Samsung W1000 | =W1000 | |
| Samsung Exynos Modem 5123 | =5123 | |
| Samsung Exynos Modem 5300 | =5300 | |
| Samsung Modem 5400 | =5400 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2025-27891?
CVE-2025-27891 has been rated as a high severity vulnerability due to its potential to cause out-of-bounds reads.
How do I fix CVE-2025-27891?
To fix CVE-2025-27891, ensure that your device firmware is updated to the latest version released by Samsung addressing this vulnerability.
Which devices are affected by CVE-2025-27891?
CVE-2025-27891 affects several Samsung Mobile Processors, Wearable Processors, and Modems including Exynos 980, 990, and others.
What type of vulnerability is CVE-2025-27891?
CVE-2025-27891 is characterized as an out-of-bounds read vulnerability caused by a lack of length check on malformed NAS packets.
Is there a workaround for CVE-2025-27891?
Currently, the recommended action for CVE-2025-27891 is to apply the necessary firmware updates as there are no formal workarounds.
- collector/mitre-cve
- source/MITRE
- agent/references
- agent/type
- agent/first-publish-date
- agent/author
- agent/source
- agent/severity
- agent/weakness
- agent/event
- collector/nvd-api
- source/NVD
- agent/last-modified-date
- agent/description
- agent/softwarecombine
- agent/tags
- agent/guess-ai
- agent/software-canonical-lookup
- vendor/samsung
- canonical/samsung exynos 980 firmware
- canonical/samsung exynos 990 (9830)
- canonical/samsung exynos 850 firmware
- canonical/samsung exynos 1080 firmware
- canonical/samsung exynos 2100 firmware
- canonical/samsung exynos 1280 firmware
- canonical/samsung exynos 2200 firmware
- canonical/samsung exynos 1330 firmware
- canonical/samsung mobile processor exynos 1380
- canonical/samsung mobile processor exynos 1480
- canonical/samsung mobile processor exynos 2400
- canonical/samsung wearable processor w920
- canonical/samsung wearable processor w930
- canonical/samsung w1000
- canonical/samsung exynos modem 5123
- canonical/samsung exynos modem 5300
- canonical/samsung modem 5400