Samsung Fixes Critical Android Vulnerability Exploited in the Wild

September 17, 2025

Samsung has recently addressed a serious security flaw affecting its Android devices, which was actively exploited by attackers before a patch could be deployed. The vulnerability, identified as CVE-2025-21043, impacts Android OS versions 13 through 16 and involves an out-of-bounds write in the libimagecodec.quram.so library that processes image formats on Samsung phones.

According to Samsung's September security update, the company was made aware that malicious actors had already exploited this flaw in real-world attacks. The issue came to light after Meta and WhatsApp security teams reported it to Samsung on August 13. The flaw potentially allows remote code execution simply by processing a specially crafted image within affected applications, including WhatsApp, although Samsung did not specify exactly which apps are vulnerable.

Exploitation and Chain of Attacks

Meta issued an advisory indicating that attackers may have combined this Android vulnerability with a separate Apple OS vulnerability (CVE-2025-43300) to intensify their attacks. The Apple flaw, fixed on August 20, involved a similar out-of-bounds write issue in the ImageIO framework that was exploited in highly targeted, sophisticated attacks against specific Apple users.

While Meta's security update for WhatsApp in August 2025 addressed a different flaw (CVE-2025-55177), it appears that CVE-2025-21043 could be part of a chain of vulnerabilities used to compromise Samsung devices. Notably, the combined exploitation could allow remote code execution, potentially leading to surveillance or data theft.

Affected Parties and Investigations

Samsung declined to comment on whether CVE-2025-21043 was used directly in active attacks. Meta also did not specify whether its users on Samsung devices had been targeted with this specific vulnerability. According to sources familiar with the situation, the flaw is an out-of-bounds write vulnerability in a particular Samsung library and may have been exploited to remotely execute malicious code on affected devices.

The Broader Context of Targeted Attacks

Security researchers, including Amnesty International, have confirmed that this attack was part of an extremely sophisticated campaign likely orchestrated by commercial surveillance vendors. On August 29, Donncha Ó Cearbhaill, head of Amnesty International's Security Lab, revealed that multiple civil society members' devices had been compromised using zero-click exploits impacting both iPhone and Android users.

While no group has officially claimed responsibility, the nature of the attacks suggests state-sponsored or commercial spyware operations. The consequences are severe, as targeted individuals' private communications could be intercepted or manipulated without any action required from the victim.

Conclusion

This incident underscores the persistent threat posed by zero-day vulnerabilities and the importance of timely security patches. Users of Samsung Android devices are advised to update their devices promptly and remain cautious about opening unfamiliar images or links that might trigger malicious code execution.
