CVE-2025-54328

Samsung · Mobile Processor

A stack-based buffer overflow vulnerability in the SMS parsing component of various Samsung processors may allow for remote code execution.

Executive summary

A critical stack-based buffer overflow in multiple Samsung mobile and wearable processors poses a severe risk of unauthorized code execution via maliciously crafted SMS messages.

Vulnerability

The vulnerability exists in the SMS RP-DATA message parsing logic, allowing an unauthenticated attacker to trigger a stack-based buffer overflow.

Business impact

The CVSS score of 10.0 reflects the critical nature of this vulnerability, which could allow full system compromise. Successful exploitation could lead to total loss of device confidentiality, integrity, and availability, potentially exposing sensitive personal or corporate data stored on mobile hardware.

Remediation

Immediate Action: Users and administrators should apply all available firmware updates provided by Samsung or the relevant mobile carrier.

Proactive Monitoring: Monitor device performance for unusual behavior, such as unexpected reboots or service crashes, which may indicate exploitation attempts.

Compensating Controls: Although this issue is difficult to mitigate at the hardware level via software, ensure that device security settings are hardened and unnecessary messaging services are restricted where possible.

Exploitation status

Public Exploit Available: Unknown

Analyst recommendation

Given the critical severity and the nature of the affected hardware, immediate remediation is required. Organizations should prioritize updating all mobile devices that use the affected processors to the latest vendor-supplied firmware versions to eliminate the risk of remote code execution.