CEL-22 · Mobile Threat Catalogue
Archived: 2026-04-05 19:26:55 UTC
Mobile Threat Catalogue
Menu
Home Background Attack Surface
Technology Stack
Communication
Supply Chain
Mobile Ecosystem
MTC Overview
Threat Categories
Application
Authentication
Cellular
Ecosystem
EMM
GPS
LAN & PAN
Payment
Physical Access
Privacy
Stack
Supply Chain
Threat Statistics Contribute Acronyms CVE List Downloads
https://pages.nist.gov/mobile-threat-catalogue/cellular-threats/CEL-22.html
Page 1 of 2

SMS Parser RCE
Contribute
Threat Category: SMS / MMS / RCS
ID: CEL-22
Threat Description: Remote code execution (RCE) on the mobile device can take place by short message service
(SMS) delivery or URL linking to custom MP3 or MP4 files.
Threat Origin
Not Applicable, See Exploit or CVE Examples
Exploit Examples
Not Applicable
CVE Examples
CVE-2015-6602
Possible Countermeasures
References
Source: https://pages.nist.gov/mobile-threat-catalogue/cellular-threats/CEL-22.html
https://pages.nist.gov/mobile-threat-catalogue/cellular-threats/CEL-22.html
Page 2 of 2