CVE-2025-54328
Published: 06 April 2026
Summary
CVE-2025-54328 is a critical-severity Stack-based Buffer Overflow (CWE-121) vulnerability in Samsung Exynos 980 Firmware. Its CVSS base score is 10.0 (Critical).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Client Execution (T1203); ranked at the 22.2th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Directly mitigates the CVE by identifying, reporting, and applying Samsung's issued product security updates to remediate the stack-based buffer overflow in SMS parsing.
Requires validation of SMS RP-DATA message inputs to prevent stack-based buffer overflows during parsing.
Implements memory safeguards like stack canaries and DEP to protect against exploitation of the stack-based buffer overflow even if invalid inputs are processed.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Stack-based buffer overflow in SMS RP-DATA parsing enables remote unauthenticated arbitrary code execution on the device with no user interaction, directly mapping to client-side exploitation.
NVD Description
An issue was discovered in SMS in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 980, 990, 850, 1080, 2100, 1280, 2200, 1330, 1380, 1480, 2400, 1580, 2500, 9110, W920, W930, W1000, Modem 5123, Modem 5300, and Modem 5400. A…
more
Stack-based Buffer Overflow occurs while parsing SMS RP-DATA messages.
Deeper analysisAI
CVE-2025-54328 is a stack-based buffer overflow vulnerability (CWE-121) in the SMS component of various Samsung processors and modems. It occurs during the parsing of SMS RP-DATA messages and affects Samsung Mobile Processor, Wearable Processor, and Modem models including Exynos 980, 990, 850, 1080, 2100, 1280, 2200, 1330, 1380, 1480, 2400, 1580, 2500, 9110, W920, W930, W1000, Modem 5123, Modem 5300, and Modem 5400. Published on 2026-04-06, the issue carries a CVSS v3.1 base score of 10.0 (AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H), marking it as critically severe.
The vulnerability can be exploited by any remote, unauthenticated attacker with network access, requiring low attack complexity and no user interaction. By transmitting a specially crafted SMS RP-DATA message to a vulnerable device, an attacker can trigger the stack-based buffer overflow, potentially achieving full system compromise through arbitrary code execution, given the changed scope and high impacts across confidentiality, integrity, and availability.
Samsung Semiconductor has issued product security updates for this vulnerability, detailed on their support pages at https://semiconductor.samsung.com/support/quality-support/product-security-updates/ and https://semiconductor.samsung.com/support/quality-support/product-security-updates/cve-2025-54328/. Security practitioners should review these advisories for patching guidance and mitigation steps applicable to affected devices.
Details
- CWE(s)