Critical (10.0)

Samsung Exynos SMS Buffer Overflow (CVE-2025-54328)

An issue was discovered in SMS in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 980, 990, 850, 1080, 2100, 1280, 2200, 1330, 1380, 1480, 2400, 1580, 2500, 9110, W920, W930, W1000, Mod...

Overview

A critical vulnerability, CVE-2025-54328, has been identified in the SMS handling components of a wide range of Samsung Exynos processors and modems. The flaw is a stack-based buffer overflow that occurs when the device parses a specially crafted SMS RP-DATA message. With a maximum CVSS score of 10.0, this is a severe remote code execution (RCE) vulnerability requiring immediate attention.

Vulnerability Details

The vulnerability exists within the firmware of the affected chipsets. When processing the data of an incoming SMS message, the software fails to properly validate the message size before copying it into a fixed-size buffer on the stack. This allows an attacker to send an SMS with oversized, malicious data that overflows the buffer. By carefully crafting this data, an attacker can overwrite critical memory and hijack the execution flow of the chip’s baseband processor.
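The missing check described above, shown from the defensive side as an added example (not Samsung's firmware code; the advisory does not say which field overflows): a C parser for length-value fields that tests the attacker-controlled length octet against both the destination size and the remaining input before copying. The struct, function names and field limits are assumptions based on the RP-DATA layout in 3GPP TS 24.011.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define RP_MTI_DATA_N_TO_MS 0x01 /* RP-DATA, network to mobile station */
#define RP_ADDR_MAX 11           /* assumed max address octets after the length octet */
#define RP_UD_MAX   233          /* assumed max user-data octets after the length octet */

struct rp_data {                 /* hypothetical parsed form */
    uint8_t msg_ref;
    uint8_t orig_len, orig[RP_ADDR_MAX];
    uint8_t ud_len, ud[RP_UD_MAX];
};

/* Copy one length-value field. The length octet comes from the network, so it
 * is checked against the destination capacity AND the bytes left in the input
 * before memcpy. Without the first check the copy writes past dst (the
 * overflow class described above); without the second it reads out of bounds. */
static int take_lv(const uint8_t *buf, size_t len, size_t *off,
                   uint8_t *dst, size_t dst_cap, uint8_t *out_len)
{
    if (*off >= len) return -1;            /* no length octet present */
    uint8_t n = buf[(*off)++];
    if (n > dst_cap) return -1;            /* would overflow dst */
    if (n > len - *off) return -1;         /* message is truncated */
    memcpy(dst, buf + *off, n);
    *off += n;
    *out_len = n;
    return 0;
}

/* Returns 0 on success, -1 if the message is malformed. */
int rp_data_parse(const uint8_t *buf, size_t len, struct rp_data *out)
{
    size_t off = 2;
    if (len < 2 || (buf[0] & 0x07) != RP_MTI_DATA_N_TO_MS) return -1;
    out->msg_ref = buf[1];
    if (take_lv(buf, len, &off, out->orig, sizeof out->orig, &out->orig_len)) return -1;
    if (off >= len || buf[off++] != 0) return -1; /* destination address is empty here */
    if (take_lv(buf, len, &off, out->ud, sizeof out->ud, &out->ud_len)) return -1;
    return off == len ? 0 : -1;            /* reject trailing bytes */
}

int main(void) {
    const uint8_t big[260] = {0x01, 0x2A, 0x00, 0x00, 0xFF}; /* constructed: length 255 */
    struct rp_data m;
    printf("oversized user data: %d\n", rp_data_parse(big, sizeof big, &m));
    return 0;
}
```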

Impact and Risk

The impact is severe. A remote attacker could exploit this vulnerability to execute arbitrary code on the affected modem or application processor. Successful exploitation could lead to a complete compromise of the device, enabling data theft, persistent surveillance, or the disabling of cellular communications. Crucially, the attack requires no user interaction (the victim does not need to open the message) and no privileges, making it highly exploitable over the air.

Affected Products

The vulnerability impacts numerous Samsung Exynos application processors for mobile and wearable devices, as well as discrete modems. The full list includes:

  • Mobile Processors: Exynos 980, 990, 850, 1080, 2100, 1280, 2200, 1330, 1380, 1480, 2400, 1580, 2500
  • Wearable Processors: Exynos 9110, W920, W930, W1000
  • Modems: Exynos Modem 5123, Modem 5300, Modem 5400

Devices from Samsung and other manufacturers using these chipsets are potentially vulnerable.

Remediation and Mitigation

The primary remediation is to apply firmware updates from device manufacturers (OEMs) as they become available. Samsung has released patches to its partners.

  1. Patch Immediately: End-users should install all available system updates on their Samsung phones, wearables, and other affected devices. Enable automatic updates if possible.
  2. Monitor Advisories: IT administrators should monitor advisories from their device vendors for specific patch availability for managed fleets.
  3. Temporary Mitigation: While awaiting a patch, consider the risk profile. For extremely high-value assets, disabling SMS functionality or using devices with non-Exynos chipsets may be considered, though these are often impractical measures.

For the latest information on related threats, monitor our security news feed.

Security Insight

This vulnerability underscores the persistent criticality of the cellular baseband as a high-value attack surface, often overlooked in endpoint security strategies. Similar to historical baseband exploits like CVE-2021-1905 (Qualcomm), it highlights how a single flaw in complex, proprietary modem firmware can bypass all operating system security controls, granting deep system access from a nearly untraceable network vector.
