{"dataType": "CVE_RECORD", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2025-57835", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2026-04-06T17:49:07.937Z", "dateReserved": "2025-08-20T00:00:00.000Z", "datePublished": "2026-04-06T00:00:00.000Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2026-04-06T17:49:07.937Z"}, "descriptions": [{"lang": "en", "value": "An issue was discovered in RRC in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 980, 990, 850, 1080, 2100, 1280, 2200, 1330, 1380, 1480, 2400, 1580, 2500, 9110, W920, W930, W1000, Modem 5123, Modem 5300, and Modem 5400. Improper memory initialization results in an illegal memory access, causing a system crash via a malformed RRCReconfiguration message."}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "https://semiconductor.samsung.com/support/quality-support/product-security-updates/"}, {"url": "https://semiconductor.samsung.com/support/quality-support/product-security-updates/cve-2025-57835/"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}]}}, "dataVersion": "5.2"}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "An issue was discovered in RRC in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 980, 990, 850, 1080, 2100, 1280, 2200, 1330, 1380, 1480, 2400, 1580, 2500, 9110, W920, W930, W1000, Modem 5123, Modem 5300, and Modem 5400. Improper memory initialization results in an illegal memory access, causing a system crash via a malformed RRCReconfiguration message."}], "id": "CVE-2025-57835", "lastModified": "2026-04-06T18:16:40.770", "metrics": {}, "published": "2026-04-06T18:16:40.770", "references": [{"source": "cve@mitre.org", "url": "https://semiconductor.samsung.com/support/quality-support/product-security-updates/"}, {"source": "cve@mitre.org", "url": "https://semiconductor.samsung.com/support/quality-support/product-security-updates/cve-2025-57835/"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Received"}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": null}], "enrichment": {"confidence": 100.0, "confidence_source": "manual", "scores": [{"score": 100.0, "source": "manual"}]}, "original": {"product": "n/a", "source": "cna", "vendor": "n/a"}, "product": "exynos", "vendor": "samsung"}], "analysis": {"en": {"generated_at": "2026-04-07T02:23:07.574566+00:00", "value": {"mitigation_remediation": ["Review Samsung\u2019s mobile processor, wearable processor, and modem product security updates page for any security patches that address CVE-2025-57835.", "Apply the latest firmware or driver update that includes a fix for the RRC memory initialization flaw once it becomes available.", "Until a patch is released, monitor device logs for unexpected crashes and consider disabling features that trigger RRCReconfiguration if possible.", "Contact Samsung support for further guidance and to verify whether the issue is mitigated in your hardware."], "summary": {"action": "Assess Impact", "impact": "Denial of Service / System Crash"}, "threat_synthesis": {"affected_systems": "Samsung devices that incorporate the RRC module in their mobile processors, wearable processors, or modems are impacted. The affected hardware includes the Exynos series chips\u2014850, 980, 990, 1080, 1280, 1330, 1380, 1480, 1580, 2100, 2200, 2400, and 2500\u2014as well as the W920, W930, and W1000 wearable processors, and the Modem variants 5123, 5300, and 5400. All listed models are vulnerable to the described crash when a malformed RRCReconfiguration packet is received.", "description_and_impact": "An improper memory initialization within the Radio Resource Control (RRC) component of Samsung mobile, wearable, and modem processors leads to an illegal memory access when a malformed RRCReconfiguration message is processed. This fault causes the system to crash, resulting in a denial\u2011of\u2011service condition. The flaw originates from insufficient handling of uninitialized memory and is reflected in the vulnerability\u2019s description.", "risk_and_exploitability": "The vulnerability is a remote denial\u2011of\u2011service type, exploitable by an attacker who can send a crafted RRCReconfiguration message over the network to the device. While specific CVSS and EPSS metrics are unavailable, the potential for a device crash without user interaction and the lack of a published workaround indicate a high risk to availability. Samsung has not listed the issue in its KEV catalog, but the absence of a public patch means operators should treat the flaw as a critical availability threat until firmware or driver updates become available."}}}}, "created": "2026-04-07T07:16:05.593440+00:00", "title": "Memory Initialization Error in Samsung RRC Causes System Crash on Malformed RRCReconfiguration Message", "updated": "2026-04-07T09:39:33.830190+00:00", "vendors": ["samsung", "samsung$PRODUCT$exynos"], "weaknesses": ["CWE-119", "CWE-795"]}