Samsung Releases Patch for Critical Zero-Day Vulnerability CVE-2025-21043 on Android


342/68 Monday, September 15, 2025

Samsung has released its monthly Android security update, which includes a fix for the critical zero-day vulnerability CVE-2025-21043 (CVSS 8.8). The flaw is an out-of-bounds write in the libimagecodec.quram.so library that could allow attackers to execute malicious code remotely.

According to a 2020 report by Google Project Zero, libimagecodec.quram.so is a closed-source image processing library developed by Quramsoft. The fix was rolled out in Samsung Mobile Security Release (SMR) Sep-2025 Release 1. The vulnerability affects Android versions 13, 14, 15, and 16, and was privately reported to Samsung on August 13, 2025.

While Samsung did not disclose details of the exploitation or identify the threat actors behind it, the company acknowledged that the vulnerability had been actively exploited. This incident follows Google’s recent disclosure of two other Android zero-day vulnerabilities (CVE-2025-38352 and CVE-2025-48543) that were exploited in targeted attack operations, highlighting the urgent need for both users and developers to apply security updates without delay.

Source: https://thehackernews.com/2025/09/samsung-fixes-critical-zero-day-cve.html