Resource exhaustion in Samsung products - CVE-2025-43706
Published: January 6, 2026
Vulnerability identifier: #VU120983
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2025-43706
CWE-ID: CWE-400
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: Samsung
Affected software:
Exynos 980
Exynos 850
Exynos 1080
Exynos 2400
Exynos 1580
Exynos 9110
Exynos W920
Exynos W930
Exynos Modem 5123
Exynos Modem 5400
Exynos 990
Exynos 980
Exynos 850
Exynos 1080
Exynos 2400
Exynos 1580
Exynos 9110
Exynos W920
Exynos W930
Exynos Modem 5123
Exynos Modem 5400
Exynos 990
Detailed vulnerability description
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to incorrect handling of RRC packet. A remote attacker can trigger resource exhaustion and perform a denial of service (DoS) attack.
How to mitigate CVE-2025-43706
Install updates from vendor's website.