Samsung has released its September 2025 security update, patching a critical zero-day vulnerability, CVE-2025-21043, that was actively exploited in the wild. The flaw, found in an image-parsing library, allowed remote attackers to execute arbitrary code on affected Android devices without user interaction, posing a significant risk to users.

Key Takeaways

• Critical Vulnerability Patched: Samsung has fixed CVE-2025-21043, an out-of-bounds write vulnerability in the libimagecodec.quram.so library.

• Active Exploitation: The vulnerability was confirmed to be exploited in real-world attacks before the patch was released.

• Affected Devices: The flaw impacts Samsung devices running Android 13, 14, 15, and 16.

• Zero-Click Attack: The exploit allows for arbitrary code execution without requiring any user action, making it particularly dangerous.

• Discovery: The vulnerability was privately disclosed to Samsung by Meta and WhatsApp security teams on August 13, 2025.

Technical Details of the Vulnerability

The vulnerability, identified as CVE-2025-21043, resides within , a closed-source image parsing library developed by Quramsoft. This library is responsible for processing various image formats on Samsung devices. The specific flaw is an "out-of-bounds write," which occurs when a program attempts to write data beyond the allocated memory buffer. Attackers can craft malicious image files that, when processed by the vulnerable library, trigger this condition, enabling them to execute arbitrary code on the device.

Impact and Exploitation

This vulnerability is classified as critical due to its potential for remote code execution and the fact that it requires no user interaction, often referred to as a "zero-click" exploit. This means that users could be compromised simply by receiving a specially crafted image file, potentially through messaging applications like WhatsApp, which uses the same library. While Samsung has not disclosed specifics about the attackers or the exact methods of exploitation, the confirmation of "exploit in the wild" highlights the immediate threat to users.

Samsung's Response and User Recommendations

Samsung has addressed CVE-2025-21043 as part of its September 2025 Security Maintenance Release (SMR). This update includes fixes for numerous other security issues affecting a wide range of Android versions. Security experts strongly advise all Samsung users to update their devices immediately to the latest software version. Users can check for updates by navigating to Settings > Software Update. Enabling automatic updates is also recommended to ensure devices remain protected against emerging threats.

Broader Security Context

This incident follows closely on the heels of other significant security disclosures, including Google's resolution of two exploited vulnerabilities in Android and WhatsApp's own patching of a similar zero-day flaw affecting its iOS and macOS clients. The active exploitation of such vulnerabilities underscores the ongoing cat-and-mouse game between security researchers and malicious actors, emphasizing the critical importance of timely software updates for maintaining device security.

As cyber threats become increasingly sophisticated, your security strategy must evolve to keep pace. BetterWorld Technology offers adaptive cybersecurity solutions that grow with the threat landscape, helping your business stay secure while continuing to innovate. Reach out today to schedule your personalized consultation.

Sources

• Samsung Fixes Critical Zero-Day CVE-2025-21043 Exploited in Android Attacks, The Hacker News.

• Samsung Patches Critical Zero-Day Exploit in Galaxy September 2025 Update, WebProNews.

• Samsung Fixes Image Parsing Vulnerability Exploited in Android Attacks, Hackread.

• Samsung fixed actively exploited zero-day, Security Affairs.

• Samsung Patches Zero-Day Exploited in Attacks on Android Devices, Information Security Buzz.