🟢 CVE-2025-21043

CVE-2025-21043 is an out-of-bounds write vulnerability in Samsung Android devices' image codec library that requires user interaction for exploitation. While actively exploited as a zero-day, it affects client devices rather than internet-facing servers.

โ† Back to Overview
Risk Level: LOW_RISK

CVSS Score: 8.8

Attack Vector: NETWORK

ATT&CK Tactic: Execution

ATT&CK Technique: T1203 — Exploitation for Client Execution

Deployment Risk: VERY_LOW

Ransomware: No

📋 Vulnerability Details

Data Source: CIRCL

Confidence: HIGH

Exploitation Method: USER_INTERACTION

CVE Published: 2025-09-12

Added to CISA KEV: 2025-10-02 (20 days between CVE and KEV)

🎯 Recommendations:

🔍 Web Intelligence (Kagi · 2025-10-02)

CVE-2025-21043 is a critical vulnerability affecting Samsung Android devices that allows remote attackers to execute arbitrary code [1][2]. Here is a breakdown of what is known about its exploitation:

  • Affected Applications/Services: The vulnerability resides in the `libimagecodec.quram.so` library on Android versions 13, 14, 15, and 16 [8][6].
  • Active Exploitation: CVE-2025-21043 has been actively exploited as a zero-day vulnerability [4].
  • Attack Vectors/Exploitation Methods: The vulnerability is an out-of-bounds write issue [1][2]. It's suggested that it might have been exploited in attacks targeting WhatsApp users [3].
  • Targeted Attacks: There are indications that CVE-2025-21043 has been used in targeted attacks [3].
  • CISA KEV Status: As of now, CVE-2025-21043 is not explicitly listed in CISA's Known Exploited Vulnerabilities (KEV) catalog [9][5].
  • Technical Details/Internet Exploitability: The vulnerability is an out-of-bounds write, allowing remote attackers to execute arbitrary code [1][2]. The attack vector is logically remote, and successful exploitation doesn't require privileges [7].

Sources

  1. CVE-2025-21043 Security Vulnerability & Exploit Details

    CVE-2025-21043 - Out-of-bounds write in libimagecodec.quram.so prior to SMR Sep-2025 Release 1 allows remote attackers to execute arbitrary code.

  2. Samsung Patches Zero-Day Exploited Against Android Users

    The timing of the report and the fact that the Samsung zero-day was in a core image library suggests that CVE-2025-21043 might have been exploited in attacks targeting WhatsApp users, just as was CVE-2025-43300, an out-of-bounds write issue in the ImageIO framework component of iOS, iPadOS, and macO…

  3. CVE-2025-21043 Detail - NVD

    Out-of-bounds write in libimagecodec.quram.so prior to SMR Sep-2025 Release 1 allows remote attackers to execute arbitrary code. Metrics. CVSS ...

  4. CISA Sounds Alarm on Critical Sudo Flaw Actively Exploited in Linux and ...

    The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added a critical security flaw impacting the Sudo command-line utility for Linux and Unix-like operating systems to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation in the wild. The vu…

  5. Samsung Fixes Critical Zero-Day CVE-2025-21043 ...

    Samsung patched CVE-2025-21043 on Sep 2025 after zero-day Android exploits enabled code execution.