CVE-2025-54328

CRITICAL

Samsung Exynos Modem - Buffer Overflow

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2025-54328. PoCs published by Hunt-Benito.

AI-analyzed exploit summary This repository contains a functional PoC for CVE-2025-54328, a stack-based buffer overflow in Samsung Exynos baseband firmware's SMS RP-DATA parser. The Python script generates a malicious RP-DATA message with an oversized TPDU payload designed to trigger the vulnerability.

Description

An issue was discovered in SMS in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 980, 990, 850, 1080, 2100, 1280, 2200, 1330, 1380, 1480, 2400, 1580, 2500, 9110, W920, W930, W1000, Modem 5123, Modem 5300, and Modem 5400. A Stack-based Buffer Overflow occurs while parsing SMS RP-DATA messages.

Exploits (1)

nomisec WORKING POC

by Hunt-Benito · poc

https://github.com/Hunt-Benito/samsung-exynos-sms-stack-overflow-cve-2025-54328-critical-zero-click-baseband-rce

View Code ZIP pw:eip

This repository contains a functional PoC for CVE-2025-54328, a stack-based buffer overflow in Samsung Exynos baseband firmware's SMS RP-DATA parser. The Python script generates a malicious RP-DATA message with an oversized TPDU payload designed to trigger the vulnerability.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Theoretical

Target: Samsung Exynos baseband firmware (Shannon)

No auth needed

Prerequisites: Python 3.6+ · Fake BTS (OpenBTS/srsRAN) + SDR (USRP/HackRF) or SMS gateway with raw PDU mode access or direct memory injection via JTAG/UART on the baseband

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1059 - Command and Scripting Interpreter T1203 - Exploitation for Client Execution

devstral-2 · analyzed Apr 10, 2026 Full analysis →

References (2)

Core 2

Core References

https://semiconductor.samsung.com/support/quality-support/product-security-updates/

https://semiconductor.samsung.com/support/quality-support/product-security-updates/cve-2025-54328/

Scores

CVSS v3 10.0

EPSS 0.0008

EPSS Percentile 23.3%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable yes

Technical Impact total

Details

CWE

CWE-121

Status published

Products (20)

samsung/exynos_1080_firmware

samsung/exynos_1280_firmware

samsung/exynos_1330_firmware

samsung/exynos_1380_firmware

samsung/exynos_1480_firmware

samsung/exynos_1580_firmware

samsung/exynos_2100_firmware

samsung/exynos_2200_firmware

samsung/exynos_2400_firmware

samsung/exynos_2500_firmware

... and 10 more

Published Apr 06, 2026

Tracked Since Apr 07, 2026