NCU Bermuda

Samsung Releases September 2025 Security Patch to Fix Dangerous Zero-Day CVE-2025-21043

Samsung has issued its September 2025 security update to address a high-criticality zero-day vulnerability tracked as CVE-2025-21043 (CVSS score 8.8). The flaw originates from an out-of-bounds write issue within the libimagecodec.quram.so library, which is used by Samsung Android devices to process image files.
This vulnerability enables remote attackers to execute malicious code—such as installing spyware or malware—without requiring any user interaction, effectively enabling zero-click compromises.


What Happened?

  • The vulnerability was reported by Meta and WhatsApp’s security teams on 13 August 2025. It has already been exploited in the wild, likely targeting WhatsApp users and users of other apps that process incoming images.

  • The flaw affects Samsung devices running Android 13 through Android 16, including popular Galaxy series models.

  • Early indicators suggest this exploitation may be part of an advanced spyware campaign, similar to attacks seen on iPhone devices (e.g., Apple’s CVE-2025-43300), in which a device is taken over silently, with no visible sign to the user.


Impact on Users

  • Successful exploitation could allow attackers to steal sensitive data, gain full control of the device, or install sophisticated spyware without the user’s knowledge.

  • Users who frequently exchange images via messaging apps such as WhatsApp are at higher risk, as the vulnerability can be triggered simply by receiving a specially crafted image file.


Samsung’s Response

Samsung has confirmed active exploitation and quickly pushed a fix through its monthly security update. The patch corrects the flawed implementation inside the affected image-processing library.
Devices within the standard Samsung update cycle—such as Galaxy S-series and Galaxy Note models—are expected to receive the update promptly. Users are strongly advised to install it as soon as it becomes available.


Recommendations for Galaxy Users

  • Update immediately: Go to Settings > Software Update > Download and Install, then restart the device after installation.

  • Stay cautious: Avoid opening images or files from unknown sources, especially in messaging apps. Enable Google Play Protect and use two-factor authentication (2FA) for added security.

  • If you suspect compromise: Watch for unusual behavior such as rapid battery drain or unfamiliar apps. Consider performing a factory reset after applying the update, but ensure important data is backed up first.
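For anyone responsible for more than one Galaxy device, the Settings check above can be automated from `getprop` output (for example from `adb shell getprop`). The script below is an added example, not code from the article or from Samsung; it takes the affected range (Android 13 to 16) from the article and assumes that the September 2025 update reports a `ro.build.version.security_patch` of `2025-09-01` or later. The sample fleet data is constructed.

```python
"""Classify devices as patched or exposed to CVE-2025-21043 from their
`getprop` output (e.g. `adb shell getprop`). Added example, not Samsung's code."""
from __future__ import annotations
import re
from datetime import date

# From the advisory: Android 13 through 16 are affected and the fix ships in
# Samsung's September 2025 update. Assumption: that update reports a
# ro.build.version.security_patch of 2025-09-01 or later.
AFFECTED_RELEASES = range(13, 17)
FIXED_PATCH_LEVEL = date(2025, 9, 1)

def parse_getprop(output: str) -> dict[str, str]:
    """Turn getprop lines of the form '[key]: [value]' into a dict."""
    return dict(re.findall(r"^\[([^\]]+)\]: \[([^\]]*)\]$", output, re.M))

def assess(getprop_output: str) -> str:
    """Return 'patched', 'vulnerable', 'out-of-scope' or 'unknown' for one device."""
    props = parse_getprop(getprop_output)
    rel = props.get("ro.build.version.release", "")
    release = int(rel) if rel.isdigit() else None
    try:
        patch = date.fromisoformat(props["ro.build.version.security_patch"])
    except (KeyError, ValueError):
        patch = None  # missing or malformed patch level: do not guess
    if release is None or patch is None:
        return "unknown"
    if release not in AFFECTED_RELEASES:
        return "out-of-scope"  # release not listed as affected by the advisory
    return "patched" if patch >= FIXED_PATCH_LEVEL else "vulnerable"

def fleet_summary(fleet: dict[str, str]) -> dict[str, str]:
    """Map each serial in a {serial: getprop output} dict to its verdict."""
    return {serial: assess(output) for serial, output in fleet.items()}

# Constructed sample output for four devices (not real captures).
SAMPLE_FLEET = {
    "dev-a": "[ro.build.version.release]: [15]\n[ro.build.version.security_patch]: [2025-09-01]",
    "dev-b": "[ro.build.version.release]: [14]\n[ro.build.version.security_patch]: [2025-08-01]",
    "dev-c": "[ro.build.version.release]: [12]\n[ro.build.version.security_patch]: [2025-09-01]",
    "dev-d": "[ro.build.version.release]: [16]\n[ro.build.version.security_patch]: []",
}

if __name__ == "__main__":
    for serial, verdict in fleet_summary(SAMPLE_FLEET).items():
        print(f"{serial}: {verdict}")
```

A device that reports no patch level, or one that cannot be parsed, is deliberately classed as "unknown" rather than "patched", so it still shows up for manual follow-up.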


Conclusion

This incident highlights the growing sophistication of modern spyware attacks, echoing high-profile cases like Pegasus. Keeping devices fully updated remains one of the most effective ways to reduce exposure to emerging threats. Users are encouraged to apply Samsung’s latest security patch immediately to protect their devices from active exploitation.
