PT-2025-37296 · Samsung · Libimagecodec.Quram.So

Published 2024-09-25 · Updated 2026-02-25 · CVE-2025-21042

CVSS v3.1: 10
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Samsung Galaxy devices versions prior to April 2025 Security Maintenance Release (SMR Apr-2025 Release 1)
Samsung Galaxy S10e (not affected)
Samsung Galaxy S22, S23, S24
Samsung Galaxy Z Fold4
Samsung Galaxy Z Flip4

Description

A critical out-of-bounds write vulnerability exists in the libimagecodec.quram.so library of Samsung Galaxy devices, allowing remote attackers to execute arbitrary code. This flaw, identified as CVE-2025-21042, was actively exploited in the wild as a zero-day to deliver the LANDFALL spyware. The attack vector involved specially crafted DNG image files, often delivered via WhatsApp, exploiting a flaw in the image processing library. The spyware enables comprehensive surveillance, including access to microphone recordings, location data, photos, contacts, and call logs. The campaign primarily targeted individuals in the Middle East, including Iraq, Iran, Turkey, and Morocco. The exploit chain potentially operated without user interaction (zero-click). The vulnerability was patched in the April 2025 Security Maintenance Release (SMR Apr-2025 Release 1).

Recommendations

Update Samsung Galaxy devices to the April 2025 Security Maintenance Release (SMR Apr-2025 Release 1) or later.
Disable auto-download of multimedia in messaging applications.
Avoid opening unknown DNG/RAW files.
Consider disabling the vulnerable image processing library if possible.
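
A patch-level audit for the first recommendation, as an added example that is not part of the advisory. It assumes an inventory export of device id, model and Android security patch level (the value of `ro.build.version.security_patch`), and assumes SMR Apr-2025 Release 1 corresponds to patch level 2025-04-01; the inventory rows and status names are constructed for illustration.

```python
from datetime import date

# Assumption (not stated in the advisory): SMR Apr-2025 Release 1 is reported
# by devices as security patch level 2025-04-01.
FIXED_PATCH_LEVEL = date(2025, 4, 1)
# Model names exactly as the advisory lists them.
LISTED_AFFECTED = {"Galaxy S22", "Galaxy S23", "Galaxy S24",
                   "Galaxy Z Fold4", "Galaxy Z Flip4"}
LISTED_NOT_AFFECTED = {"Galaxy S10e"}

# Constructed sample inventory: device id, model, reported security patch level.
SAMPLE_INVENTORY = """\
dev-001,Galaxy S23,2025-03-01
dev-002,Galaxy S24,2025-04-01
dev-003,Galaxy S10e,2023-03-01
dev-004,Galaxy A54,2025-02-01
dev-005,Galaxy Z Flip4,unknown
dev-006,Galaxy S22,2025-05-01
"""

def classify(model, patch_level):
    """Return the advisory status for one device."""
    if model in LISTED_NOT_AFFECTED:
        return "not-affected"
    try:
        level = date.fromisoformat(patch_level.strip())
    except ValueError:
        # An unreadable patch level cannot prove the fix is present.
        return "verify-manually"
    if level >= FIXED_PATCH_LEVEL:
        return "patched"
    # Below the fixed release: named models are confirmed by the advisory, other
    # models fall under its general "Samsung Galaxy devices" wording.
    return "vulnerable" if model in LISTED_AFFECTED else "unpatched-unlisted-model"

def audit(inventory_text):
    """Map device id -> status for every well-formed inventory row."""
    results = {}
    for line in inventory_text.splitlines():
        fields = [f.strip() for f in line.split(",")]
        if len(fields) != 3:
            continue  # skip blank or malformed rows
        device_id, model, patch_level = fields
        results[device_id] = classify(model, patch_level)
    return results

if __name__ == "__main__":
    for device_id, status in audit(SAMPLE_INVENTORY).items():
        print(f"{device_id}: {status}")
```

Devices reported as `verify-manually` or `unpatched-unlisted-model` need a follow-up check of the installed SMR rather than being counted as safe.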

Fix

LPE

RCE

Memory Corruption

Weakness Enumeration

Related Identifiers

BDU:2025-14812
CVE-2025-21042

Affected Products

Libimagecodec.Quram.So