CVE-2025-54328

EUVD-2025-209243 | GHSA-3p7h-7569-cp4p
Severity: CRITICAL, 10.0 (CVSS 3.1)
2026-04-06 mitre

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Changed
Confidentiality: High
Integrity: High
Availability: High

Lifecycle Timeline

EUVD ID Assigned: Apr 06, 2026 - 19:30 (euvd), EUVD-2025-209243
Analysis Generated: Apr 06, 2026 - 19:30 (vuln.today)
CVE Published: Apr 06, 2026 - 00:00 (nvd), CRITICAL 10.0

Description

An issue was discovered in SMS in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 980, 990, 850, 1080, 2100, 1280, 2200, 1330, 1380, 1480, 2400, 1580, 2500, 9110, W920, W930, W1000, Modem 5123, Modem 5300, and Modem 5400. A Stack-based Buffer Overflow occurs while parsing SMS RP-DATA messages.

Analysis

Stack-based buffer overflow in Samsung Exynos chipset SMS message processing allows remote attackers to execute arbitrary code or crash devices via malformed SMS RP-DATA messages. Affects 22 Exynos processor and modem variants across mobile, wearable, and IoT devices, requiring no user interaction. CVSS 10.0 with a network attack vector (AV:N), no privileges required (PR:N), scope change, and full system impact. EPSS and exploitation status are not provided, but the SSVC framework indicates an automatable attack with total technical impact. No public exploit identified at time of analysis, though the vulnerability class (CWE-121 stack buffer overflow in SMS parsing) has high weaponization potential.

Technical Context

This vulnerability affects the SMS Radio Protocol (RP-DATA) message parser in Samsung's Exynos baseband processors and standalone modems. The RP-DATA layer handles SMS message routing and delivery at the cellular network protocol stack level, operating below the application layer. CWE-121 stack-based buffer overflows occur when unchecked input data exceeds allocated stack memory boundaries, allowing attackers to overwrite return addresses and execute arbitrary code. The affected components span Samsung's entire Exynos lineup from 2019-2024: flagship processors (980, 990, 1080, 2100, 2200, 2400, 2500), mid-range chips (850, 1280, 1330, 1380, 1480, 1580), wearable processors (W920, W930, W1000), IoT processors (9110), and standalone 5G modems (5123, 5300, 5400). The vulnerability exists in firmware-level code that processes cellular network messages before any application-layer filtering, making it exploitable via SMS delivery without requiring the message to be opened or viewed.
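The defensive pattern for this bug class, as an added example that is not Samsung's code and does not reflect where the actual flaw sits (the advisory does not say which field overflows): a length-value parser that validates every network-supplied length before copying. The struct, function names, sample bytes and size limits are assumptions of this example; the field order is modelled on the network-to-mobile RP-DATA layout in 3GPP TS 24.011.

```c
#include <stdint.h>
#include <string.h>

#define RP_ADDR_MAX 11   /* assumed limits: octets after each length octet */
#define RP_UD_MAX   232

struct rp_data {
    uint8_t msg_ref;
    uint8_t orig_addr[RP_ADDR_MAX]; size_t orig_len;
    uint8_t tpdu[RP_UD_MAX];        size_t tpdu_len;
};

/* Copy one length-value field. The length octet comes from the network, so it
 * is checked against the bytes actually received AND the destination size. */
static int take_lv(const uint8_t *buf, size_t len, size_t *off,
                   uint8_t *dst, size_t dst_cap, size_t *out_len)
{
    if (*off >= len) return -1;          /* length octet missing */
    size_t n = buf[(*off)++];
    if (n > len - *off) return -1;       /* claims more than was received */
    if (n > dst_cap) return -1;          /* would overrun the destination */
    memcpy(dst, buf + *off, n);
    *off += n; *out_len = n;
    return 0;
}

/* Parse a network-to-mobile RP-DATA; 0 on success, -1 if malformed. */
int rp_data_parse(const uint8_t *buf, size_t len, struct rp_data *out)
{
    uint8_t dest[1]; size_t dest_len, off = 2;
    if (len < 2 || (buf[0] & 0x07) != 0x01) return -1;  /* MTI 001 */
    out->msg_ref = buf[1];
    if (take_lv(buf, len, &off, out->orig_addr, RP_ADDR_MAX, &out->orig_len) ||
        take_lv(buf, len, &off, dest, 0, &dest_len) ||  /* must be empty */
        take_lv(buf, len, &off, out->tpdu, RP_UD_MAX, &out->tpdu_len))
        return -1;
    return off == len ? 0 : -1;          /* reject trailing octets */
}

/* Constructed sample inputs (not captured traffic). */
const uint8_t rp_ok[] = {0x01,0x2A, 0x04,0x91,0x21,0x43,0x65, 0x00, 0x03,0xAA,0xBB,0xCC};
const uint8_t rp_truncated[] = {0x01, 0x2A, 0xFF, 0x91};
const uint8_t rp_oversize[17] = {0x01, 0x2A, 0x0C};  /* 12-octet address */

int main(void)
{
    struct rp_data m;   /* exit status 0 when both samples behave as expected */
    return (rp_data_parse(rp_ok, sizeof rp_ok, &m) == 0 &&
            rp_data_parse(rp_oversize, sizeof rp_oversize, &m) == -1) ? 0 : 1;
}
```

The oversize sample is fully present in the input, so only the destination-capacity check rejects it; a parser that compares the length against the received bytes alone would still copy past a fixed stack buffer.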

Affected Products

Samsung Exynos Mobile Processors: Exynos 980, 990, 1080, 2100, 2200, 2400, 2500 (flagship series), Exynos 850, 1280, 1330, 1380, 1480, 1580 (mid-range series). Samsung Exynos Wearable Processors: Exynos W920, W930, W1000. Samsung Exynos IoT Processors: Exynos 9110. Samsung Exynos Standalone Modems: Exynos Modem 5123, Modem 5300, Modem 5400. These components are integrated into various Samsung Galaxy smartphones, Galaxy Watch devices, and third-party products using Samsung semiconductor solutions. Specific device models and firmware versions are not detailed in available advisories. The official vendor security bulletin is available at https://semiconductor.samsung.com/support/quality-support/product-security-updates/cve-2025-54328/.

Remediation

Apply firmware updates from Samsung Semiconductor as published in their Product Security Updates portal at https://semiconductor.samsung.com/support/quality-support/product-security-updates/cve-2025-54328/. For end-user devices (smartphones, wearables), install security patches distributed through device manufacturer OTA updates, which may be labeled with Samsung's SMR (Security Maintenance Release) identifiers. Device manufacturers using affected Exynos components should coordinate with Samsung for patched baseband firmware versions. Vendor-released patch availability confirmed per advisory, though specific fixed firmware versions are not publicly enumerated in available references. No effective workarounds exist as the vulnerability resides in baseband firmware SMS processing that cannot be disabled without losing cellular functionality. Organizations managing affected devices should prioritize patch deployment and monitor Samsung's security portal for updated guidance. Network-level SMS filtering is impractical as legitimate SMS traffic must reach devices.

Priority Score

Total: 50
KEV: 0
EPSS: +0.1
CVSS: +50
POC: 0
