Stratos Ally

Samsung Addresses Critical Android Zero-Day in Quram Image Codec 


StratosAlly


On September 12, 2025, Samsung released its September 2025 Security Maintenance Release (SMR Sep-2025 Release 1) for its Android devices. Among its fixes is a zero-day vulnerability that Samsung confirms has been exploited in the wild against its devices.

Tracked as CVE-2025-21043 and rated 8.8 (CVSS), the vulnerability is an out-of-bounds write in libimagecodec.quram.so, the closed-source image decoding library that Samsung ships on its devices. Because the library parses untrusted image data, the memory corruption can be turned into remote code execution; Samsung attributes the bug to an incorrect implementation in the library.

Samsung's security advisory states that an out-of-bounds write in libimagecodec.quram.so prior to SMR Sep-2025 Release 1 allows remote attackers to execute arbitrary code, and that the patch fixed the incorrect implementation.

The flaw was reported privately to Samsung on August 13, 2025, by the security teams of Meta and WhatsApp, and affects devices running Android 13, 14, 15, and 16. The library is developed by Quramsoft and handles decoding of various image formats; its closed-source nature and its exposure to untrusted input were documented in a 2020 report by Google Project Zero.

Samsung confirmed that an exploit for this issue exists in the wild but has not released any details about the attacks or the attackers behind them. It urged users to install the September 2025 update immediately, since that update closes the vulnerability by correcting the faulty codec implementation.

The Samsung update arrives shortly after Google fixed two other Android flaws, CVE-2025-38352 and CVE-2025-48543, both also reported as exploited in targeted attacks. Three actively exploited Android zero-days in a single patch cycle show how much current patching effort is aimed at targeted, in-the-wild exploitation.

Users and fleet administrators should install the latest security updates promptly. A device is protected only once it is running SMR Sep-2025 Release 1 or later; until then, the vulnerable image codec remains exposed to any untrusted image the device decodes.
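As an added practitioner check, not part of the original article or of Samsung's advisory, the shell script below classifies an Android device's reported security patch level against the fix level for CVE-2025-21043. It assumes that devices updated to SMR Sep-2025 Release 1 report the standard Android property ro.build.version.security_patch as 2025-09-01 or later (the property name is real; mapping that date to the Samsung release is the assumption). The --scan mode queries attached devices through adb; without it the script only defines the functions, so the comparison logic can be exercised offline on constructed values.

```shell
#!/bin/sh
# Added example (not from the article or from Samsung): compare an Android
# security patch level with the level that carries the CVE-2025-21043 fix.
# Assumption: SMR Sep-2025 Release 1 sets ro.build.version.security_patch to
# 2025-09-01 (or later), so an earlier value means the device still ships the
# vulnerable libimagecodec.quram.so.
FIX_LEVEL="2025-09-01"

# Return 0 when the YYYY-MM-DD patch level in $1 is at or after FIX_LEVEL.
# Both dates are turned into YYYYMMDD integers, so no date parsing is needed.
# A malformed value returns 2, which callers should treat as "not patched".
is_patched() {
    level="$1"
    case "$level" in
        [0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9]) ;;
        *) echo "malformed patch level: '$level'" >&2; return 2 ;;
    esac
    y=${level%%-*}; rest=${level#*-}; m=${rest%%-*}; d=${rest#*-}
    fy=${FIX_LEVEL%%-*}; frest=${FIX_LEVEL#*-}; fm=${frest%%-*}; fd=${frest#*-}
    [ "$y$m$d" -ge "$fy$fm$fd" ]
}

# Print a one-line verdict for the device whose adb serial is $1.
# Uses the standard property query; the trailing CR from adb is stripped.
report_device() {
    serial="$1"
    level=$(adb -s "$serial" shell getprop ro.build.version.security_patch 2>/dev/null | tr -d '\r')
    if is_patched "$level"; then
        echo "$serial patched (security patch level $level, fix level $FIX_LEVEL)"
    else
        echo "$serial VULNERABLE (security patch level '$level' is before $FIX_LEVEL)"
    fi
}

# With --scan, check every device that adb reports as online. Without it the
# script only defines the functions above, so it can be sourced or tested offline.
if [ "${1:-}" = "--scan" ]; then
    adb devices | awk 'NR > 1 && $2 == "device" { print $1 }' | while read -r serial; do
        report_device "$serial"
    done
fi
```

Run it as `sh check_patch.sh --scan` (the file name is hypothetical) with the devices connected. The check is a necessary condition, not proof of safety: Samsung publishes SMRs per model, so a device that is no longer supported will keep reporting an older level indefinitely and should be treated as vulnerable rather than exempt.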

