Cyber Resilience

CVE-2025-54328

Severity: Critical
Published: 06 April 2026
Modified: 07 April 2026
KEV Added: not listed
Patch: vendor security updates available (see References)
CVSS v3.1 base score: 10.0 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
EPSS score: 0.0052 (40.1st percentile)
Risk Priority: 70 (floored blend, using peak EPSS)

Summary

CVE-2025-54328 is a critical-severity Stack-based Buffer Overflow (CWE-121) in the SMS RP-DATA parser of Samsung Exynos mobile processors, wearable processors and modems (Exynos 980 firmware among others; see Affected Assets). Its CVSS v3.1 base score is 10.0 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Client Execution (T1203). Its EPSS score of 0.0052 places it at the 40.1st percentile by exploit likelihood (below the median), and it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).

Deeper analysis

CVE-2025-54328 is a stack-based buffer overflow vulnerability (CWE-121) in the SMS component of various Samsung processors and modems. It occurs during the parsing of SMS RP-DATA messages and affects Samsung Mobile Processor, Wearable Processor, and Modem models including Exynos 980, 990, 850, 1080, 2100, 1280, 2200, 1330, 1380, 1480, 2400, 1580, 2500, 9110, W920, W930, W1000, Modem 5123, Modem 5300, and Modem 5400. Published on 2026-04-06, the issue carries a CVSS v3.1 base score of 10.0 (AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H), marking it as critically severe.

The vulnerability can be exploited by a remote, unauthenticated attacker with low attack complexity and no user interaction. The delivery path is the cellular network: an attacker who can send an SMS to the victim's number transmits a crafted RP-DATA message (the relay-layer SMS PDU that carries the SMS TPDU to the handset), and the overflow is triggered when the device parses it, before any message is shown to the user. No IP connectivity to the device is required. A successful exploit can yield arbitrary code execution in the component that parses SMS; the Scope: Changed metric and High confidentiality, integrity and availability impacts reflect that compromise of that component can extend to the wider device.

Samsung Semiconductor has issued product security updates for this vulnerability, detailed on its support pages at https://semiconductor.samsung.com/support/quality-support/product-security-updates/ and https://semiconductor.samsung.com/support/quality-support/product-security-updates/cve-2025-54328/. Security practitioners should review these advisories for patching guidance and mitigation steps applicable to affected devices. Because modem firmware ships inside the handset or wearable maker's own firmware image, the fix reaches end users through the device vendor's security update rather than directly from Samsung Semiconductor; check the device vendor's bulletin for the build that carries it.


Vulnerability details

An issue was discovered in SMS in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 980, 990, 850, 1080, 2100, 1280, 2200, 1330, 1380, 1480, 2400, 1580, 2500, 9110, W920, W930, W1000, Modem 5123, Modem 5300, and Modem 5400. A Stack-based Buffer Overflow occurs while parsing SMS RP-DATA messages.

CWE(s)

CWE-121 Stack-based Buffer Overflow

Related Threats

MITRE ATT&CK Enterprise Techniques (AI-generated mapping)

T1203 Exploitation for Client Execution (tactic: Execution)
Adversaries may exploit software vulnerabilities in client applications to execute code.

Why this technique?

A stack-based buffer overflow in SMS RP-DATA parsing enables remote, unauthenticated arbitrary code execution on the device with no user interaction, which maps directly to client-side exploitation. T1203 is the closest Enterprise technique; the vulnerable parser runs in modem firmware rather than in a desktop client application.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2024-52924 (same product: Samsung Exynos 1080)
CVE-2025-54324 (same product: Samsung Exynos 1080)
CVE-2025-62818 (same product: Samsung Exynos 1080)
CVE-2025-58349 (same product: Samsung Exynos 1080)
CVE-2025-57835 (same product: Samsung Exynos 1080)
CVE-2025-59440 (same product: Samsung Exynos 1080)
CVE-2025-57834 (same product: Samsung Exynos 1080)
CVE-2024-52923 (same product: Samsung Exynos 1080)
CVE-2025-52908 (same product: Samsung Exynos 1280)
CVE-2025-27807 (same product: Samsung Exynos 1080)

Affected Assets

Vendor / Product / Versions
samsung / exynos 980 firmware / all versions
samsung / exynos 990 firmware / all versions
samsung / exynos 850 firmware / all versions
samsung / exynos 1080 firmware / all versions
samsung / exynos 2100 firmware / all versions
samsung / exynos 1280 firmware / all versions
samsung / exynos 1330 firmware / all versions
samsung / exynos 1380 firmware / all versions
samsung / exynos 1480 firmware / all versions
samsung / exynos 1580 firmware / all versions
+10 more product configurations; see NVD for the full list

Mitigating Controls (NIST 800-53 r5, AI-generated mapping)

SI-2 Flaw Remediation (prevent)

Directly mitigates the CVE by identifying, reporting, and applying Samsung's issued product security updates to remediate the stack-based buffer overflow in SMS parsing. For affected handsets and wearables this means installing the device vendor's firmware build that carries the modem fix.

SI-10 Information Input Validation (prevent)

Requires validation of SMS RP-DATA message inputs, in particular checking every length field against the buffer it fills and the bytes actually received, to prevent stack-based buffer overflows during parsing.

SI-16 Memory Protection (prevent)

Implements memory safeguards such as stack canaries and DEP to protect against exploitation of the stack-based buffer overflow even if invalid inputs are processed. These safeguards live inside the modem firmware and are not something a device owner or operator can enable; they only apply to the extent the vendor built the firmware with them, so they are a backstop to the patch, not a substitute for it.
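The following is an added example, not Samsung's firmware code (the page does not describe that code's internals). It illustrates the bug class described under Deeper analysis and the SI-10 check above with a toy parser for the RP-DATA PDU that carries an SMS from the network to the handset (3GPP TS 24.011), written once in the vulnerable shape and once hardened. The PDU layout (message type, message reference, then three length-prefixed fields: originator address, empty destination address, user data of at most 232 octets) follows TS 24.011; the 12-octet address buffer, the sample PDU bytes and the error codes are constructed for this example.

```c
/*
 * Added example, not Samsung's firmware: toy parser for the RP-DATA PDU
 * (3GPP TS 24.011, network-to-MS direction), vulnerable and hardened.
 *   octet 1  RP-MTI                  0x01 = RP-DATA, network to MS
 *   octet 2  RP-Message Reference
 *   LV       RP-Originator Address   length, TON/NPI octet, BCD digits
 *   LV       RP-Destination Address  length 0 in this direction
 *   LV       RP-User Data            length, then the SMS TPDU (<= 232 octets)
 */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define RP_MTI_DATA_N2MS 0x01u
#define RP_UD_MAX        232u   /* TS 24.011 upper bound on the RP-UD value */
#define RP_OA_MAX        12u    /* assumed bound for this example's address buffer */

struct rp_data {
    uint8_t mr;
    uint8_t oa_len;
    uint8_t oa[RP_OA_MAX];
    uint8_t ud_len;
    uint8_t ud[RP_UD_MAX];
};

/* Vulnerable shape (CWE-121): the RP-User-Data length octet is trusted and
 * drives a memcpy into a fixed 232-byte stack buffer. A length octet of 0xff
 * copies 255 bytes and overwrites the saved frame. Kept only to show the
 * defect; feed it benign input only. Returns the number of bytes copied. */
int parse_rp_data_unsafe(const uint8_t *pdu, size_t len)
{
    uint8_t tpdu[RP_UD_MAX];
    size_t off = 2;                  /* skip MTI and MR */
    (void)len;                       /* never consulted: over-read is possible too */
    off += 1 + pdu[off];             /* RP-OA */
    off += 1 + pdu[off];             /* RP-DA */
    uint8_t ud_len = pdu[off++];
    memcpy(tpdu, pdu + off, ud_len); /* no check against sizeof tpdu */
    return (int)ud_len;
}

/* Hardened shape: every length octet is checked against both the buffer it
 * fills (SI-10) and the bytes actually received, so neither a stack overflow
 * nor an over-read of the PDU is possible. Returns 0 on success or a negative
 * code naming the rejected field. */
int parse_rp_data(const uint8_t *pdu, size_t len, struct rp_data *out)
{
    size_t off = 0;
    uint8_t n;

    if (len < 5) return -1;                         /* MTI, MR, three length octets */
    if (pdu[off++] != RP_MTI_DATA_N2MS) return -2;
    out->mr = pdu[off++];

    n = pdu[off++];                                 /* RP-OA */
    if (n > RP_OA_MAX || n > len - off) return -3;
    memcpy(out->oa, pdu + off, n);
    out->oa_len = n;
    off += n;

    if (off >= len) return -4;                      /* RP-DA */
    if (pdu[off++] != 0) return -5;                 /* must be empty network-to-MS */

    if (off >= len) return -6;                      /* RP-UD */
    n = pdu[off++];
    if (n > RP_UD_MAX) return -7;                   /* the missing check: exceeds buffer */
    if (n > len - off) return -8;                   /* exceeds bytes received: over-read */
    memcpy(out->ud, pdu + off, n);
    out->ud_len = n;
    off += n;

    return off == len ? 0 : -9;                     /* trailing bytes are rejected */
}

/* Constructed samples (not real captures). TPDU bytes are illustrative. */
static const uint8_t benign_pdu[] = {
    0x01, 0x2a,                                   /* RP-DATA, MR 0x2a */
    0x06, 0x91, 0x21, 0x43, 0x65, 0x87, 0x09,     /* RP-OA: len 6, TON/NPI + BCD */
    0x00,                                         /* RP-DA: empty */
    0x05, 0x04, 0x0b, 0x91, 0x21, 0x43            /* RP-UD: len 5, TPDU */
};
/* RP-UD declares 255 octets (> RP_UD_MAX): the unsafe parser would copy 255
 * bytes into a 232-byte stack buffer; the hardened one returns -7. */
static const uint8_t oversized_pdu[] = {
    0x01, 0x2a, 0x02, 0x91, 0x21, 0x00, 0xff, 0x41, 0x41, 0x41, 0x41
};
/* RP-UD declares 16 octets but only 3 follow: over-read, hardened returns -8. */
static const uint8_t truncated_pdu[] = {
    0x01, 0x2a, 0x02, 0x91, 0x21, 0x00, 0x10, 0x41, 0x41, 0x41
};

int main(void)
{
    struct rp_data r;
    printf("benign:    %d\n", parse_rp_data(benign_pdu, sizeof benign_pdu, &r));
    printf("oversized: %d\n", parse_rp_data(oversized_pdu, sizeof oversized_pdu, &r));
    printf("truncated: %d\n", parse_rp_data(truncated_pdu, sizeof truncated_pdu, &r));
    return 0;
}
```

Built with a stack protector, the unsafe variant given the oversized sample aborts on the clobbered canary instead of returning into attacker-controlled data, which is the SI-16 backstop: it turns code execution into a crash of the parser, not into safety. A firmware image built without such protections has nothing between the bad memcpy and the saved return address, which is why the length checks in the hardened parser, not the memory protections, are the actual fix.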

References

Samsung Semiconductor product security updates: https://semiconductor.samsung.com/support/quality-support/product-security-updates/
Samsung Semiconductor advisory for CVE-2025-54328: https://semiconductor.samsung.com/support/quality-support/product-security-updates/cve-2025-54328/