You can’t really call it an exploit when SS7 and its layered protocols like MAP have basically zero security measures whatsoever.