{"dataType": "CVE_RECORD", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2025-59440", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2026-04-06T18:01:26.239Z", "dateReserved": "2025-09-16T00:00:00.000Z", "datePublished": "2026-04-06T00:00:00.000Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2026-04-06T18:01:26.239Z"}, "descriptions": [{"lang": "en", "value": "An issue was discovered in USIM in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 980, 990, 850, 1080, 2100, 1280, 2200, 1330, 1380, 1480, 2400, 1580, 2500, 9110, W920, W930, W1000, Modem 5123, Modem 5300, and Modem 5400. Improper handling of SIM card proactive commands leads to a Denial of Service."}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "https://semiconductor.samsung.com/support/quality-support/product-security-updates/"}, {"url": "https://semiconductor.samsung.com/support/quality-support/product-security-updates/cve-2025-59440/"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}]}}, "dataVersion": "5.2"}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "An issue was discovered in USIM in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 980, 990, 850, 1080, 2100, 1280, 2200, 1330, 1380, 1480, 2400, 1580, 2500, 9110, W920, W930, W1000, Modem 5123, Modem 5300, and Modem 5400. Improper handling of SIM card proactive commands leads to a Denial of Service."}], "id": "CVE-2025-59440", "lastModified": "2026-04-06T18:16:40.937", "metrics": {}, "published": "2026-04-06T18:16:40.937", "references": [{"source": "cve@mitre.org", "url": "https://semiconductor.samsung.com/support/quality-support/product-security-updates/"}, {"source": "cve@mitre.org", "url": "https://semiconductor.samsung.com/support/quality-support/product-security-updates/cve-2025-59440/"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Received"}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": null}], "enrichment": {"confidence": 100.0, "confidence_source": "manual", "scores": [{"score": 100.0, "source": "manual"}]}, "original": {"product": "n/a", "source": "cna", "vendor": "n/a"}, "product": "exynos", "vendor": "samsung"}], "analysis": {"en": {"generated_at": "2026-04-07T03:20:42.342771+00:00", "value": {"mitigation_remediation": ["Verify whether the device incorporates any of Samsung processors listed above.", "Check Samsung\u2019s product security updates portal for firmware or security patches specific to the affected processor.", "Apply the identified firmware update following Samsung\u2019s installation procedures.", "If a patch is not yet available, block or limit unsolicited proactive SIM commands via network or device configuration to reduce exposure.", "Monitor device logs for repeated resets or unresponsiveness and report incidents to Samsung support."], "summary": {"action": "Patch Update", "impact": "Denial of Service"}, "threat_synthesis": {"affected_systems": "Vulnerable hardware includes Samsung Mobile, Wearable, and Modem processors such as Exynos 980, 990, 850, 1080, 2100, 1280, 2200, 1330, 1380, 1480, 2400, 1580, 2500, 9110, as well as wearable devices W920, W930, W1000, and Modem chips 5123, 5300, and 5400. No specific firmware revision information is disclosed; the issue appears in any device incorporating the affected USIM component.", "description_and_impact": "Improper handling of SIM card proactive commands in Samsung\u2019s USIM component can cause the device to reset or shut down, resulting in a denial of service that stops all ongoing operations until a reboot occurs. This flaw relates to a weakness in input validation and resource management, producing a failure in the system\u2019s ability to maintain continuous operation.", "risk_and_exploitability": "No CVSS or EPSS score is published, so the exact severity cannot be quantified. It is inferred that an attacker who can deliver malformed proactive SIM commands\u2014through the SIM interface or a compromised card\u2014could trigger the denial of service, leading to service disruption. The absence of publicly documented exploit details suggests that the vulnerability may be exploitable by insiders or adversaries with access to the SIM hardware or remote control over card provisioning."}}}}, "created": "2026-04-07T07:16:03.395345+00:00", "title": "Denial of Service via Improper USIM Proactive Command Handling on Samsung Processors", "updated": "2026-04-07T09:39:31.621652+00:00", "vendors": ["samsung", "samsung$PRODUCT$exynos"], "weaknesses": ["CWE-404"]}