CVE-2025-21042 is an out-of-bounds write vulnerability in Samsung mobile devices' image processing library that requires user interaction with malicious DNG image files. While actively exploited via messaging apps like WhatsApp, it targets client devices rather than internet-facing servers.
Data Source: CIRCL
Confidence: HIGH
Exploitation Method: USER_INTERACTION
CVE Published: 2025-09-12
Added to CISA KEV: 2025-11-10 59 DAYS BETWEEN CVE AND KEV
CVE-2025-21042 is a critical zero-day vulnerability in Samsung's Android image processing library (`libimagecodec.quram.so`) that has been actively exploited in the wild [6][1]. Here's a breakdown of what is known about its exploitation:
Commercial-grade LANDFALL spyware exploits CVE-2025-21042 in Samsung Android’s image processing library.The silhouette of a bull facing the reviewer and the Taurus constellation inside an orange abstract planet. Abstract, stylized cosmic setting with vibrant blue and purple shapes, representing spac…
The activity involved the exploitation of CVE-2025-21042 (CVSS score: 8.8), an out-of-bounds write flaw in the "libimagecodec.quram.so" component that could allow remote attackers to execute arbitrary code, according to Palo Alto Networks Unit 42.
The exploitation of CVE-2025-21042 to distribute LANDFALL spyware illustrates the widening attack surface in mobile ecosystems. For Samsung Galaxy users in the Middle East, the campaign represents both a direct invasion of privacy and a notable evolution in cyber-espionage tactics. Vigilance, device…
CVE-2025-21042 is a high-severity vulnerability identified in Samsung Mobile Devices, specifically involving an out-of-bounds write flaw in the component libimagecodec.quram.so.
The exploitability of CVE-2025-21042 depends on two key factors: attack complexity (the level of effort required to execute an exploit) and privileges required (the access level an attacker needs).