CVE-2025-26780 – A missing length check in Samsung Exynos 2400 a... (How to Fix)

Q: What is the severity of CVE-2025-26780?

CVE-2025-26780 has a CVSS score of 7.5 (HIGH). A missing length check in Samsung Exynos 2400 and Modem 5400 chips allows attackers to cause denial of service via malformed PDCP packets. This affects mobile devices using these specific Samsung processors and modems. The vulnerability impacts cellular network functionality on affected devices.

📋 TL;DR

A missing length check in Samsung Exynos 2400 and Modem 5400 chips allows attackers to cause denial of service via malformed PDCP packets. This affects mobile devices using these specific Samsung processors and modems. The vulnerability impacts cellular network functionality on affected devices.

💻 Affected Systems

Products:

Samsung Exynos 2400 Mobile Processor
Samsung Modem 5400

Versions: All versions prior to security patch

Operating Systems: Android-based systems using affected chips

Default Config Vulnerable: ⚠️ Yes

Notes: Affects devices using these specific Samsung chipsets; exact device models depend on manufacturer implementations.

📦 What is this software?

Exynos 2400 Firmware by Samsung

View all CVEs affecting Exynos 2400 Firmware →

Modem 5400 Firmware by Samsung

View all CVEs affecting Modem 5400 Firmware →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete loss of cellular connectivity on affected devices, rendering them unable to make calls, send texts, or use mobile data.

🟠

Likely Case

Temporary disruption of cellular services requiring device reboot to restore functionality.

🟢

If Mitigated

Minimal impact if patched; unpatched devices remain vulnerable to targeted attacks.

🌐 Internet-Facing: MEDIUM - Attack requires sending specially crafted packets to vulnerable devices over cellular networks.

🏢 Internal Only: LOW - This is a hardware/firmware vulnerability affecting mobile devices, not internal enterprise systems.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ⚠️ Yes

Complexity: MEDIUM

Exploitation requires sending malformed PDCP packets over cellular network; attacker needs proximity or network access.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Security patch from Samsung (specific version depends on device manufacturer)

Vendor Advisory: https://semiconductor.samsung.com/support/quality-support/product-security-updates/cve-2025-26780/

Restart Required: Yes

Instructions:

1. Check for security updates in device settings. 2. Install available Samsung/device manufacturer security patches. 3. Reboot device after installation.

🔧 Temporary Workarounds

Disable cellular data when not needed

android

Reduce attack surface by disabling mobile data when Wi-Fi is available

Use Wi-Fi calling when possible

android

Route calls over Wi-Fi instead of cellular network

🧯 If You Can't Patch

Limit device use to trusted cellular networks only
Consider replacing affected devices with patched or different chipset models

🔍 How to Verify

Check if Vulnerable:

Check device specifications for Exynos 2400 or Modem 5400 chipsets and verify security patch level is outdated.

Check Version:

Android: Settings > About Phone > Software Information > check Android security patch level and build number

Verify Fix Applied:

Verify latest Samsung/device manufacturer security patch is installed and check patch notes include CVE-2025-26780.

📡 Detection & Monitoring

Log Indicators:

Unexpected modem resets
PDCP protocol errors in modem logs
Cellular connection drops

Network Indicators:

Malformed PDCP packets in cellular traffic
Unusual packet patterns targeting modem

SIEM Query:

Not applicable - this is a device-level hardware/firmware vulnerability

📊 Metadata

CVE ID: CVE-2025-26780

CVSS v3 Score: 7.5 (HIGH)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE: CWE-20

EPSS Score: 0.13% exploit probability (32.4th percentile)

Published: July 7, 2025

Last Updated: October 27, 2025

🔗 References

https://semiconductor.samsung.com/support/quality-support/product-security-updates/ Vendor Advisory
https://semiconductor.samsung.com/support/quality-support/product-security-updates/cve-2025-26780/ Vendor Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2025-26780, you might also want to check these: