Use-after-free in Samsung products - CVE-2025-23098
Published: June 2, 2025
Vulnerability identifier: #VU110007
CSH Severity: High
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
CVE-ID: CVE-2025-23098
CWE-ID: CWE-416
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: Samsung
Affected software:
Exynos 980
Exynos 1080
Exynos 2100
Exynos 1280
Exynos 2200
Exynos 1380
Exynos 990
Exynos 980
Exynos 1080
Exynos 2100
Exynos 1280
Exynos 2200
Exynos 1380
Exynos 990
Detailed vulnerability description
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error in the mobile processor. A remote attacker can gain elevated privileges on the target system.
How to mitigate CVE-2025-23098
Install updates from vendor's website.