Samsung Fixes Critical Zero-Day Vulnerability Exploited on Android Devices

Samsung has rolled out its September 2025 security updates addressing a critical zero-day vulnerability that has reportedly been exploited in the wild, highlighting ongoing risks for mobile users.

The flaw, identified as CVE-2025-21043 with a CVSS score of 8.8, is an out-of-bounds write vulnerability in Samsung’s libimagecodec.quram.so library, a component used by apps to process images. Successful exploitation could allow attackers to execute arbitrary code on affected devices.

According to Samsung, the vulnerability was reported by Meta and WhatsApp on August 13, and evidence suggests that it was actively leveraged, potentially targeting WhatsApp users. While the company has not released full technical details, the advisory confirms the severity and real-world exploitation.

This issue draws parallels to a recently disclosed Apple vulnerability (CVE-2025-43300) in the ImageIO framework, which, when combined with another WhatsApp flaw (CVE-2025-55177), enabled sophisticated spyware campaigns against specific targets. Both iOS and Android users, particularly civil society members, journalists, and human rights defenders, may have been affected by these attacks, likely carried out by commercial spyware vendors.

Experts note that the Samsung zero-day likely allowed attackers to exploit gaps in OS-level code used by messaging apps like WhatsApp, enabling remote code execution across devices. The patch addresses this risk and underscores the importance of keeping devices updated with the latest security fixes.

Organizations and individuals are strongly advised to install the latest Samsung updates immediately to prevent potential compromise by attackers exploiting this vulnerability.
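For organisations with managed Android fleets, one way to verify the advice above is to read each device's reported security patch level over adb and compare it against the September 2025 level. The following script is an added example, not from the article or from Samsung; it assumes the fix ships with a `ro.build.version.security_patch` value of `2025-09-01` or later and that `adb` is on the PATH.

```shell
#!/bin/sh
# Added example: flag connected Android devices whose security patch level
# predates the September 2025 release. Assumption: a patch level of
# 2025-09-01 or later carries the CVE-2025-21043 fix.
REQUIRED_PATCH="2025-09-01"

# patch_level_ok LEVEL
#   returns 0 if LEVEL (YYYY-MM-DD) is at or after REQUIRED_PATCH,
#   1 if it is older, 2 if LEVEL is not a valid patch-level string.
patch_level_ok() {
    level="$1"
    case "$level" in
        [0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9]) ;;
        *) return 2 ;;
    esac
    # Drop the dashes so the dates compare as plain integers (20250901 etc.).
    have=$(printf '%s' "$level" | tr -d -)
    need=$(printf '%s' "$REQUIRED_PATCH" | tr -d -)
    [ "$have" -ge "$need" ] && return 0
    return 1
}

# check_connected_devices
#   prints one line per device in the "device" state: OK/OLD/UNKNOWN, serial,
#   model and the patch level the device reports. Returns 2 if adb is missing.
check_connected_devices() {
    command -v adb >/dev/null 2>&1 || { echo "adb not found" >&2; return 2; }
    adb devices | awk 'NR > 1 && $2 == "device" { print $1 }' |
    while read -r serial; do
        # getprop output ends in CRLF on some builds; strip the CR.
        level=$(adb -s "$serial" shell getprop ro.build.version.security_patch | tr -d '\r')
        model=$(adb -s "$serial" shell getprop ro.product.model | tr -d '\r')
        patch_level_ok "$level"
        case $? in
            0) echo "OK      $serial $model $level" ;;
            1) echo "OLD     $serial $model $level" ;;
            *) echo "UNKNOWN $serial $model '$level'" ;;
        esac
    done
}

# Run the scan only when invoked as: sh check_patch.sh scan
if [ "${1:-}" = "scan" ]; then
    check_connected_devices
fi
```

Devices reported as OLD have not received the September 2025 update; UNKNOWN means the property was empty or malformed and the device should be checked by hand.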

Source: https://www.securityweek.com/samsung-patches-zero-day-exploited-against-android-users