CVE-2025-54328

CRITICAL

Samsung Exynos Modem - Buffer Overflow

Title source: llm

Description

An issue was discovered in SMS in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 980, 990, 850, 1080, 2100, 1280, 2200, 1330, 1380, 1480, 2400, 1580, 2500, 9110, W920, W930, W1000, Modem 5123, Modem 5300, and Modem 5400. A Stack-based Buffer Overflow occurs while parsing SMS RP-DATA messages.

Exploits (1)

nomisec WORKING POC

by Hunt-Benito · poc

https://github.com/Hunt-Benito/samsung-exynos-sms-stack-overflow-cve-2025-54328-critical-zero-click-baseband-rce

View Code ZIP pw:eip

References (2)

https://semiconductor.samsung.com/support/quality-support/product-security-updates/

https://semiconductor.samsung.com/support/quality-support/product-security-updates/cve-2025-54328/

Scores

CVSS v3 10.0

EPSS 0.0007

EPSS Percentile 20.7%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Details

CWE

CWE-121

Status published

Products (20)

samsung/exynos_1080_firmware

samsung/exynos_1280_firmware

samsung/exynos_1330_firmware

samsung/exynos_1380_firmware

samsung/exynos_1480_firmware

samsung/exynos_1580_firmware

samsung/exynos_2100_firmware

samsung/exynos_2200_firmware

samsung/exynos_2400_firmware

samsung/exynos_2500_firmware

... and 10 more

Published Apr 06, 2026

Tracked Since Apr 07, 2026