Samsung has patched a distant code execution vulnerability that was exploited in zero-day assaults concentrating on its Android gadgets.
Tracked as CVE-2025-21043, this essential safety flaw impacts Samsung gadgets operating Android 13 or later and was reported by the safety groups of Meta and WhatsApp on August 13.
As Samsung explains in a not too long ago up to date advisorythis vulnerability was found in libimagecodec.quram.so (a closed-source picture parsing library developed by Quramsoft that implements help for numerous picture codecs) and is brought on by an out-of-bounds write weak point that enables attackers to execute malicious code on weak gadgets remotely.
“Out-of-bounds Write in libimagecodec.quram.so previous to SMR Sep-2025 Launch 1 permits distant attackers to execute arbitrary code,” Samsung says. “Samsung was notified that an exploit for this subject has existed within the wild.”
Whereas Samsung did not specify whether or not the assaults focused solely WhatsApp customers with Samsung Android gadgets, different immediate messengers that make the most of the weak picture parsing library may be probably focused utilizing CVE-2025-21043 exploits.
“As a part of our proactive investigation right into a extremely focused exploit over the summer season (which resulted in our safety advisory for iOS/MacOS WhatsApp customers), we shared our findings with our trade friends, together with Apple and Samsung,” a Meta spokesperson advised BleepingComputer.
“Apple mitigated the related high-severity vulnerability (CVE-2025-43300) final month. Samsung additionally issued a patch for SVE-2025-1702 and revealed their safety advisory this week.”
In late August, WhatsApp additionally patched a zero-click vulnerability (CVE-2025-55177) in its iOS and macOS messaging shoppers that was chained with an Apple zero-day flaw (CVE-2025-43300) in “extraordinarily refined” focused zero-day assaults.
WhatsApp urged probably impacted customers on the time to maintain their gadgets and software program updated and to reset their gadgets to manufacturing unit settings.
Though Apple and WhatsApp have not launched any particulars relating to the assaults chaining CVE-2025-55177 and CVE-2025-43300, Donncha Ó Cearbhaill (the pinnacle of Amnesty Worldwide’s Safety Lab) mentioned that WhatsApp has warned some customers that their gadgets have been focused in a sophisticated adware marketing campaign.
Samsung and Meta spokespersons weren’t instantly obtainable for remark when contacted by BleepingComputer earlier in the present day.
Earlier this month, hackers additionally started deploying malware on gadgets left unpatched towards an unauthenticated distant code execution (RCE) vulnerability (CVE-2024-7399) within the Samsung MagicINFO 9 Server, a centralized content material administration system (CMS) utilized by airports, retail chains, hospitals, enterprises, and eating places.
Replace September 12, 10:17 EDT: Added Meta assertion.
46% of environments had passwords cracked, practically doubling from 25% final yr.
Get the Picus Blue Report 2025 now for a complete take a look at extra findings on prevention, detection, and knowledge exfiltration traits.
