Samsung has patched a distant code execution vulnerability that was exploited in zero-day assaults focusing on its Android units.
Tracked as CVE-2025-21043, this crucial safety flaw impacts Samsung units operating Android 13 or later and was reported by the safety groups of Meta and WhatsApp on August 13.
As Samsung explains in a just lately up to date advisory, this vulnerability was found in libimagecodec.quram.so (a closed-source picture parsing library developed by Quramsoft that implements assist for numerous picture codecs) and is brought on by an out-of-bounds write weak spot that enables attackers to execute malicious code on susceptible units remotely.
“Out-of-bounds Write in libimagecodec.quram.so previous to SMR Sep-2025 Launch 1 permits distant attackers to execute arbitrary code,” Samsung says. “Samsung was notified that an exploit for this subject has existed within the wild.”
Whereas Samsung did not specify whether or not the assaults focused solely WhatsApp customers with Samsung Android units, different immediate messengers that make the most of the susceptible picture parsing library is also doubtlessly focused utilizing CVE-2025-21043 exploits.
“As a part of our proactive investigation right into a extremely focused exploit over the summer time (which resulted in our safety advisory for iOS/MacOS WhatsApp customers), we shared our findings with our trade friends, together with Apple and Samsung,” a Meta spokesperson instructed BleepingComputer.
“Apple mitigated the related high-severity vulnerability (CVE-2025-43300) final month. Samsung additionally issued a patch for SVE-2025-1702 and printed their safety advisory this week.”
In late August, WhatsApp additionally patched a zero-click vulnerability (CVE-2025-55177) in its iOS and macOS messaging shoppers that was chained with an Apple zero-day flaw (CVE-2025-43300) in “extraordinarily refined” focused zero-day assaults.
WhatsApp urged doubtlessly impacted customers on the time to maintain their units and software program updated and to reset their units to manufacturing facility settings.
Though Apple and WhatsApp have not launched any particulars relating to the assaults chaining CVE-2025-55177 and CVE-2025-43300, Donncha Ó Cearbhaill (the top of Amnesty Worldwide’s Safety Lab) mentioned that WhatsApp has warned some customers that their units had been focused in a sophisticated spyware and adware marketing campaign.
Samsung and Meta spokespersons weren’t instantly out there for remark when contacted by BleepingComputer earlier as we speak.
Earlier this month, hackers additionally started deploying malware on units left unpatched in opposition to an unauthenticated distant code execution (RCE) vulnerability (CVE-2024-7399) within the Samsung MagicINFO 9 Server, a centralized content material administration system (CMS) utilized by airports, retail chains, hospitals, enterprises, and eating places.
Replace September 12, 10:17 EDT: Added Meta assertion.
46% of environments had passwords cracked, practically doubling from 25% final 12 months.
Get the Picus Blue Report 2025 now for a complete take a look at extra findings on prevention, detection, and information exfiltration traits.
