{"dataType": "CVE_RECORD", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2025-52908", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2026-04-07T14:52:43.502Z", "dateReserved": "2025-06-21T00:00:00.000Z", "datePublished": "2026-04-07T00:00:00.000Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2026-04-07T14:52:43.502Z"}, "descriptions": [{"lang": "en", "value": "An issue was discovered in the Wi-Fi driver in Samsung Mobile Processor and Wearable Processor Exynos 980, 850, 1280, 1330, 1380, 1480, 1580, W920, W930, and W1000. Incorrect Handling of the NL80211 vendor command leads to a buffer overflow via a certain ioctl message, issue 1 of 2."}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "https://semiconductor.samsung.com/support/quality-support/product-security-updates/"}, {"url": "https://semiconductor.samsung.com/support/quality-support/product-security-updates/cve-2025-52908/"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}]}}, "dataVersion": "5.2"}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "An issue was discovered in the Wi-Fi driver in Samsung Mobile Processor and Wearable Processor Exynos 980, 850, 1280, 1330, 1380, 1480, 1580, W920, W930, and W1000. Incorrect Handling of the NL80211 vendor command leads to a buffer overflow via a certain ioctl message, issue 1 of 2."}], "id": "CVE-2025-52908", "lastModified": "2026-04-08T21:27:00.663", "metrics": {}, "published": "2026-04-07T16:16:23.023", "references": [{"source": "cve@mitre.org", "url": "https://semiconductor.samsung.com/support/quality-support/product-security-updates/"}, {"source": "cve@mitre.org", "url": "https://semiconductor.samsung.com/support/quality-support/product-security-updates/cve-2025-52908/"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Awaiting Analysis"}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": null}], "enrichment": {"confidence": 100.0, "confidence_source": "manual", "scores": [{"score": 100.0, "source": "manual"}]}, "original": {"product": "n/a", "source": "cna", "vendor": "n/a"}, "product": "exynos", "vendor": "samsung"}], "analysis": {"en": {"generated_at": "2026-04-07T22:54:36.379885+00:00", "value": {"mitigation_remediation": ["Check Samsung\u2019s product security update portal for the latest firmware or driver patch", "Apply the latest reported update from the Samsung support site", "If no update is currently available, disable or restrict the use of the affected Wi\u2011Fi driver where possible", "Monitor Samsung advisories for future patches or workarounds"], "summary": {"action": "Apply Patch", "impact": "Potential Remote Code Execution via Buffer Overflow"}, "threat_synthesis": {"affected_systems": "Affected products are Samsung mobile and wearable processors, including Exynos 980, 850, 1280, 1330, 1380, 1480, 1580, W920, W930, and W1000. No specific firmware or driver versions are listed, so all builds containing the vulnerable driver code may be susceptible.", "description_and_impact": "The vulnerability originates from improper handling of an NL80211 vendor command in the Wi\u2011Fi driver for Samsung Exynos mobile and wearable processors. This flaw allows a crafted ioctl message to overflow a buffer, enabling an attacker to inject arbitrary code or influence driver behavior. The type of weakness aligns with classic buffer overflow defects, which can compromise system integrity and confidentiality if exploited.", "risk_and_exploitability": "The CVSS score is not provided, and no EPSS score is available, so the quantified likelihood of exploitation remains uncertain. The vulnerability is not listed in CISA\u2019s KEV catalog, suggesting there is no confirmed exploitation in the wild to date. Nevertheless, buffer overflows are traditionally high\u2011risk when they can be triggered by local or remote clients via vendor commands; the attack vector is inferred to be local or remote via a malicious application or service able to issue the ioctl. In the absence of an explicit mitigation from Samsung, the prudent stance is to treat it as a high\u2011risk issue until an official patch is released."}}}}, "created": "2026-04-08T19:50:18.333897+00:00", "title": "Buffer Overflow in Samsung Exynos Wi\u2011Fi Driver via NL80211 Vendor Command", "updated": "2026-04-09T08:24:30.612810+00:00", "vendors": ["samsung", "samsung$PRODUCT$exynos"], "weaknesses": ["CWE-119"]}