PT-2025-37297 · Samsung+1 · Samsung Quram Image Codec+1
Published: 2025-08-13 · Updated: 2025-11-13
CVE-2025-21043
CVSS v3.1: 10 (Critical) | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Samsung devices running Android versions 13 through 16
Description
A critical out-of-bounds write vulnerability exists in the libimagecodec.quram.so library, potentially allowing remote attackers to execute arbitrary code on vulnerable Samsung Galaxy devices. The flaw has been actively exploited in the wild, with reports indicating exploitation via malicious images, potentially delivered through messaging applications like WhatsApp. The vulnerability was reported by the Meta and WhatsApp security teams and has been addressed in the September 2025 security update.
Recommendations
Install the September 2025 security update on all affected devices.
Fix
RCE
Memory Corruption
Weakness Enumeration
Related Identifiers
Affected Products
Android
Samsung Quram Image Codec