CVE-2025-21042 is an out-of-bounds write vulnerability in Samsung mobile devices' image processing library that requires user interaction with malicious DNG image files. While actively exploited via messaging apps like WhatsApp, it targets client devices rather than internet-facing servers.
Data Source: CIRCL
Confidence: HIGH
Exploitation Method: USER_INTERACTION
CVE Published: 2025-09-12
Added to CISA KEV: 2025-11-10
Days Between CVE and KEV: 59
Commercial-grade LANDFALL spyware exploits CVE-2025-21042 in Samsung Android's image processing library. Malware, September 30, 2025.
The activity involved the exploitation of CVE-2025-21042 (CVSS score: 8.8), an out-of-bounds write flaw in the "libimagecodec.quram.so" component that could allow remote attackers to execute arbitrary code, according to Palo Alto Networks Unit 42.
The exploitation of CVE-2025-21042 to distribute LANDFALL spyware illustrates the widening attack surface in mobile ecosystems. For Samsung Galaxy users in the Middle East, the campaign represents both a direct invasion of privacy and a notable evolution in cyber-espionage tactics. Vigilance, device hygiene, and timely patching remain non ...
CVE-2025-21042 is a high-severity vulnerability identified in Samsung Mobile Devices, specifically involving an out-of-bounds write flaw in the component libimagecodec.quram.so.
The exploitability of CVE-2025-21042 depends on two key factors: attack complexity (the level of effort required to execute an exploit) and privileges required (the access level an attacker needs).