April 7, 2026

CVE-2025-62818

CRITICAL SEVERITY

Executive Summary

VulnerabilityOut-of-Bounds Memory Access

An issue was discovered in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 980, 990, 850, 1080, 2100, 1280, 2200, 1330, 1380, 1480, 2400, 1580, 2500, 9110, W920, W930, W1000, Modem 5123, Modem 5300, and Modem 5400. An out-of-bounds write occurs due to a mismatch between the TP-UDHI and UDL values when processing an SMS TP-UD packet.

Quantitative Risk Analysis

9.8CVSS v3.1 BASE
67.7OSVAULT RISK
EPSS Probability
0.1% (chance of exploit in 30 days)
Exploit Maturity
UNPROVEN

Attack Vector Profile

The payload vectors broken down by magnitude impact and ease-of-deployment factor mapping.

Attack VectorNetworkAttack ComplexityLowPrivileges RequiredNoneUser InteractionNoneScopeUnchangedConfidentiality ImpactHighIntegrity ImpactHighAvailability ImpactHigh
Raw Vector ArrayCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

What This Means For Your System

Each point below is derived directly from this CVE's CVSS v3.1 vector — not editorial opinion.

1

Exploitable remotely over the internet — no physical or local access needed.

2

No special preconditions — the attack is reliably repeatable.

3

No authentication required — unauthenticated attackers can exploit directly.

4

No user interaction required — the attacker acts autonomously.

5

Successful exploitation causes: full data confidentiality breach, complete integrity compromise, total service availability loss.

OsVault Risk Score Methodology

The OsVault composite score is a 5-layer non-linear engine — not a simple weighted average. Each input signal is transformed through mathematically appropriate curves before blending, ensuring that exploitability context overrides raw severity when warranted.

LayerSignalThis CVETransformed Value
L1Technical SeverityCVSS 9.8/1097.0 (piecewise exponential × vector modifiers)
L2Threat IntelligenceEPSS 0.056% · Unproven28.0 (sigmoid EPSS k=40 + maturity tier base)
L3CISA KEV StatusNot listedNo floor applied
Composite: 50% Technical + 40% Threat + 10% Context67.69

Layer 1 (Technical): CVSS is mapped through a piecewise exponential curve with 4 bands (LOW 0–20, MEDIUM 20–55, HIGH 55–85, CRITICAL 85–100), then multiplied by full CVSS vector decomposition factors for Attack Vector, Complexity, Privileges, and User Interaction.

Layer 2 (Threat): Raw EPSS is passed through a logistic sigmoid (k=40, midpoint=0.05) to maximize discrimination in the decision-relevant range. The result is added to an exploit maturity tier base score (Weaponized: 85, Functional: 55, PoC: 40, Unproven: 18).

Layer 3 (KEV Floor):Any CVE in CISA's catalog receives a hard minimum of 93.0 (Functional) or 97.0 (Weaponized). This ensures confirmed exploitation is never buried by low CVSS scores.

Scores ≥70: patch immediately. 40–69: schedule within current sprint. Below 40: standard maintenance cycle.

CPE Identifiers

Common Platform Enumeration (CPE) names mapped to this advisory by the National Vulnerability Database.

cpe:2.3:o:samsung:exynos_990_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:samsung:exynos_980_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:samsung:exynos_850_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:samsung:exynos_1080_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:samsung:exynos_1280_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:samsung:exynos_1330_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:samsung:exynos_1380_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:samsung:exynos_1480_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:samsung:exynos_1580_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:samsung:exynos_9110_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:samsung:exynos_2100_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:samsung:exynos_2200_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:samsung:exynos_2400_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:samsung:exynos_2500_firmware:-:*:*:*:*:*:*:*
cpe:2.3:o:samsung:exynos_w930_firmware:-:*:*:*:*:*:*:*

… 5 additional identifiers unlisted.

Relevant Threat Intelligence

Similar CRITICAL Severity Vulnerabilities

CVE-2026-5731CRITICAL

Memory safety bugs present in Firefox ESR 115.34.0, Firefox ESR 140.9.0, Thunderbird ESR 140.9.0, Firefox 149.0.1 and Thunderbird 149.0.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 149.0.2, Firefox ESR 115.34.1, Firefox ESR 140.9.1, Thunderbird 149.0.2, and Thunderbird 140.9.1.

CVE-2026-20911CRITICAL

A heap-based buffer overflow vulnerability exists in the HuffTable::initval functionality of LibRaw Commit 0b56545 and Commit d20315b. A specially crafted malicious file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability.

CVE-2026-21413CRITICAL

A heap-based buffer overflow vulnerability exists in the lossless_jpeg_load_raw functionality of LibRaw Commit 0b56545 and Commit d20315b. A specially crafted malicious file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability.

CVE-2026-35458CRITICAL

Gotenberg is an API for converting document formats. In 8.29.1 and earlier, Gotenberg uses dlclark/regexp2 to compile user-supplied scope patterns without setting a proper timeout. Users with access to features using this logic can hang workers indefinitely.

Other Vulnerabilities from April 2026

CVE-2025-13822

MCPHub in versions below 0.11.0 is vulnerable to authentication bypass. Some endpoints are not protected by authentication middleware, allowing an unauthenticated attacker to perform actions in the name of other users and using their privileges.

CVE-2026-4109MEDIUM

The Eventin – Events Calendar, Event Booking, Ticket & Registration (AI Powered) plugin for WordPress is vulnerable to unauthorized access of data due to a improper capability check on the get_item_permissions_check() function in all versions up to, and including, 4.1.8. This makes it possible for authenticated attackers, with Subscriber-level access and above, to read arbitrary order data including customer PII (name, email, phone) by iterating order IDs.

CVE-2026-33929

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Apache PDFBox Examples. This issue affects the ExtractEmbeddedFiles example in Apache PDFBox: from 2.0.24 through 2.0.36, from 3.0.0 through 3.0.7. Users are recommended to update to version 2.0.37 or 3.0.8 once available. Until then, they should apply the fix provided in GitHub PR 427. The ExtractEmbeddedFiles example contained a path traversal vulnerability (CWE-22) mentioned in CVE-2026-23907. However the change in the releases 2.0.36 and 3.0.7 is flawed because it doesn't consider the file path separator. Because of that, a user having writing rights on /home/ABC could be victim to a malicious PDF resulting in a write attempt to any path starting with /home/ABC, e.g. "/home/ABCDEF". Users who have copied this example into their production code should apply the mentioned change. The example has been changed accordingly and is available in the project repository.

CVE-2026-33892HIGH

A vulnerability has been identified in Industrial Edge Management Pro V1 (All versions >= V1.7.6 < V1.15.17), Industrial Edge Management Pro V2 (All versions >= V2.0.0 < V2.1.1), Industrial Edge Management Virtual (All versions >= V2.2.0 < V2.8.0). Affected management systems do not properly enforce user authentication on remote connections to devices. This could facilitate an unauthenticated remote attacker to circumvent authentication and impersonate a legitimate user. Successful exploitation requires that the attacker has identified the header and port used for remote connections to devices and that the remote connection feature is enabled for the device. Exploitation allows the attacker to tunnel to the device. Security features on this device itself (e.g. app specific authentication) are not affected.

Are you affected by CVE-2025-62818?

Integrate OsVault's static analysis engine directly into your repository to uncover unreachable downstream vulnerabilities implicitly bypassing your firewall rules.

Run Platform Scan →