Samsung has issued its monthly security updates for Android, including a critical fix for a vulnerability that the company confirmed has been exploited in zero-day attacks. The flaw, identified as CVE-2025-21043, is a high-severity issue with a CVSS score of 8.8. It is described as an out-of-bounds write that could potentially allow a remote attacker to execute arbitrary code. Samsung’s advisory stated that the patch addresses an “incorrect implementation” within a specific library.
The vulnerability is specifically located in libimagecodec.quram.so, a proprietary image parsing library developed by Quramsoft. According to a 2020 report from Google Project Zero, this library is responsible for handling various image formats within the Android system. This vulnerability, which was privately reported to Samsung on August 13, 2025, poses a significant risk to users because it can be exploited remotely without user interaction.
The critical-rated issue affects a wide range of devices, impacting Android versions 13, 14, 15, and 16. A maliciously crafted image processed by the library could trigger the out-of-bounds write, leading to a system compromise. While Samsung did not provide specific details on the nature of the zero-day attacks or who may be behind them, the company’s confirmation that an exploit for this issue “has existed in the wild” underscores the urgency for users to update their devices.
This incident is the latest in a series of actively exploited Android vulnerabilities. The announcement from Samsung follows a recent similar disclosure by Google, which also resolved two security flaws, CVE-2025-38352 and CVE-2025-48543, that it said were being exploited in targeted attacks. The recurring discovery of such vulnerabilities highlights the ongoing threat landscape for mobile devices and the importance of regular software updates.
For users, the key takeaway is to install the latest security updates as soon as they become available. Both Samsung and Google are working to patch these dangerous zero-day flaws, but the responsibility to install the fixes rests with the device owner. Staying up to date with these monthly security releases is the most effective way to protect against exploits that could compromise personal data and device integrity.