## https://sploitus.com/exploit?id=1181E2E7-1F41-5865-8E4C-F5F646ED08E4
# CVE-2025-54328 โ Samsung Exynos SMS RP-DATA Stack Buffer Overflow
Conceptual PoC for CVE-2025-54328, a CVSS 10.0 Critical stack-based buffer overflow in Samsung Exynos baseband firmware's SMS RP-DATA parser.
## Article
Full write-up: **[Samsung Exynos SMS Stack Overflow: CVE-2025-54328 โ Critical Zero-Click Baseband RCE](https://www.hunt-benito.com/samsung-exynos-sms-stack-overflow-cve-2025-54328-critical-zero-click-baseband-rce/)**
## PoC
```bash
python3 poc_cve_2025_54328.py +4412345678
```
Generates a raw RP-DATA message with an oversized TPDU payload that would trigger a stack-based buffer overflow in the Shannon baseband firmware's SMS parser.
**This is a conceptual PoC.** It will not exploit a production device without the specific memory layout and firmware gadget addresses for the target baseband version.
## Requirements
- Python 3.6+
## Delivery
Injecting the generated message requires one of:
- A fake BTS (OpenBTS / srsRAN) + SDR (USRP / HackRF)
- An SMS gateway with raw PDU mode access
- Direct memory injection via JTAG / UART on the baseband
## Disclaimer
This code is provided for **educational and authorized security research only**. Unauthorized access to computer systems is illegal.