Samsung has patched a distant code execution vulnerability that was exploited in zero-day assaults focusing on its Android gadgets.
Tracked as CVE-2025-21043, this vital safety flaw impacts Samsung gadgets operating Android 13 or later and was reported by the safety groups of Meta and WhatsApp on August 13.
As Samsung explains in a not too long ago up to date advisory, this vulnerability was found in libimagecodec.quram.so (a closed-source picture parsing library developed by Quramsoft that implements help for numerous picture codecs) and is attributable to an out-of-bounds write weak point that enables attackers to execute malicious code on weak gadgets remotely.
“Out-of-bounds Write in libimagecodec.quram.so previous to SMR Sep-2025 Launch 1 permits distant attackers to execute arbitrary code,” Samsung says. “Samsung was notified that an exploit for this subject has existed within the wild.”
Whereas the corporate did not specify whether or not the assaults focused solely WhatsApp customers with Samsung Android gadgets, different instantaneous messengers that make the most of the weak picture parsing library is also doubtlessly focused utilizing CVE-2025-21043 exploits.
In late August, WhatsApp additionally patched a zero-click vulnerability (CVE-2025-55177) in its iOS and macOS messaging purchasers that was chained with an Apple zero-day flaw (CVE-2025-43300) in “extraordinarily refined” focused zero-day assaults.
WhatsApp urged doubtlessly impacted customers on the time to maintain their gadgets and software program updated and to reset their gadgets to manufacturing unit settings.
Though Apple and WhatsApp have not launched any particulars relating to the assaults chaining CVE-2025-55177 and CVE-2025-43300, Donncha Ó Cearbhaill (the pinnacle of Amnesty Worldwide’s Safety Lab) stated that WhatsApp has warned some customers that their gadgets had been focused in a sophisticated spyware and adware marketing campaign.
Samsung and Meta spokespersons weren’t instantly accessible for remark when contacted by BleepingComputer earlier right now.
Earlier this month, hackers additionally started deploying malware on gadgets left unpatched in opposition to an unauthenticated distant code execution (RCE) vulnerability (CVE-2024-7399) within the Samsung MagicINFO 9 Server, a centralized content material administration system (CMS) utilized by airports, retail chains, hospitals, enterprises, and eating places.
46% of environments had passwords cracked, practically doubling from 25% final 12 months.
Get the Picus Blue Report 2025 now for a complete take a look at extra findings on prevention, detection, and information exfiltration tendencies.
