Samsung Warns Galaxy Users to Update Device ASAP, Amid Critical Zero-Day Attack


Samsung has issued an urgent warning to Galaxy smartphone owners, saying that a critical vulnerability has been exploited in zero-day attacks. The warning appeared in Samsung's monthly security update.

The vulnerability is tracked as CVE-2025-21043 and has a CVSS score of 8.8. It is an out-of-bounds write that can result in arbitrary code execution. According to Samsung, the issue lies in libimagecodec.quram.so, a closed-source image parsing library from Quramsoft.

Because the out-of-bounds write allows remote attackers to execute arbitrary code on affected devices, the severity is rated high.

Affected Devices and Versions

The vulnerability primarily affects Samsung devices running Android 13 and above, specifically versions 14, 15, and 16. This includes flagship models such as the Galaxy S25 and S25 Edge. The messaging platform WhatsApp reported it to Samsung on August 13, 2025. It is still not known whether the security risk is limited to WhatsApp or extends to other platforms.

How Does the Zero-Day Exploit Work?

To trigger the issue, an attacker might send a malicious image file. This is known as a zero-click attack. If exploitation succeeds and access is obtained, the attacker can take control of the device and access some or all user data, including user passwords and other sensitive information on the device. Since it is a zero-day attack, victims cannot stop it.

Samsung also confirmed that "an exploit for this issue has existed in the wild." However, it has not yet shared how the vulnerability has been exploited or who might be behind it.

Meanwhile, security experts have suggested that such exploits generally target high-profile individuals. But WhatsApp has a huge number of users, making it a potential victim of the attack.

This incident follows the discovery of Android vulnerabilities (CVE-2025-38352 and CVE-2025-48543), which Google has patched, and a zero-day exploit affecting Apple iPhones, flagged by WhatsApp in the previous month.

How Did Samsung Respond?

Samsung immediately patched the flaw in its September 2025 security update. To avoid the exploit, users can take some simple precautions: they should update their Samsung Galaxy device and ensure that apps are running the latest versions, which may also include additional features.
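
For administrators managing many devices, the update check above can be automated. The following Python code is an added example, not from Samsung or the original article; it classifies a device inventory by whether each Galaxy device falls in the affected Android versions and has reached the fixed patch level. It assumes the September 2025 update reports a security patch level of 2025-09-01 or later, and the inventory rows and model names are constructed.

```python
from datetime import date

# Assumption: devices carrying the September 2025 update report a security
# patch level (Android property ro.build.version.security_patch) >= 2025-09-01.
FIXED_PATCH_LEVEL = date(2025, 9, 1)
AFFECTED_ANDROID = range(13, 17)  # Android 13 through 16, as listed in the article

# Constructed sample inventory: (manufacturer, model, Android release, patch level).
INVENTORY = [
    ("samsung", "SM-EXAMPLE-A", "15", "2025-08-01"),
    ("samsung", "SM-EXAMPLE-B", "16", "2025-09-01"),
    ("samsung", "SM-EXAMPLE-C", "12", "2024-11-01"),
    ("Samsung", "SM-EXAMPLE-D", "14", ""),           # patch level missing
    ("google", "EXAMPLE-E", "15", "2025-07-05"),     # not a Samsung device
]

def parse_patch_level(value):
    """Return the patch level as a date, or None if missing or malformed."""
    try:
        return date.fromisoformat(value.strip())
    except ValueError:
        return None

def classify(manufacturer, android_release, patch_level):
    """Classify one device as patched, needs-update, unknown or out-of-scope."""
    if manufacturer.strip().lower() != "samsung":
        return "out-of-scope"
    try:
        major = int(android_release.split(".")[0])
    except ValueError:
        return "unknown"
    if major not in AFFECTED_ANDROID:
        return "out-of-scope"
    level = parse_patch_level(patch_level)
    if level is None:
        return "unknown"  # treat as unverified rather than assuming it is patched
    return "patched" if level >= FIXED_PATCH_LEVEL else "needs-update"

def triage(inventory):
    """Map each model to its classification."""
    return {model: classify(mfr, rel, lvl) for mfr, model, rel, lvl in inventory}

if __name__ == "__main__":
    for model, status in triage(INVENTORY).items():
        print(f"{model}: {status}")
```

Devices classified as unknown should be checked by hand, since a missing patch level says nothing about whether the fix is installed.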
