PT-2025-37297 · Samsung +1 · Samsung Quram Image Codec +1

Published: 2025-09-12 · Updated: 2025-09-17 · CVE-2025-21043

CVSS v3.1: 8.8 · Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

**Name of the Vulnerable Software and Affected Versions:**

Samsung devices running Android versions 13 through 16

**Description:**

A critical zero-day vulnerability (CVE-2025-21043) exists in the `libimagecodec.quram.so` library, which is used for image processing. This vulnerability is an out-of-bounds write issue that allows remote attackers to execute arbitrary code on vulnerable devices. The vulnerability has been actively exploited in attacks, with reports indicating exploitation via malicious images, potentially through messaging applications like WhatsApp. Meta and WhatsApp security teams reported the vulnerability to Samsung on August 13, 2025. The flaw impacts devices running Android 13, 14, 15, and 16.

**Recommendations:**

Update to the SMR Sep-2025 Release 1 to patch the vulnerability.

Fix

**Related Identifiers:**

CVE-2025-21043

**Affected Products:**

Android, Samsung Quram Image Codec