Samsung Patches Zero-Day Vulnerability Exploited in Android Attacks

Samsung has patched a zero-day remote code execution (RCE) vulnerability that was already being exploited in attacks against Android users.
The flaw, tracked as CVE-2025-21043 with a CVSS score of 8.8, affects Samsung devices running Android 13 and newer. The issue was first disclosed on August 13, 2025, by security teams at Meta (designated as extremist and banned in the Russian Federation) and WhatsApp.
The Vulnerability
Samsung confirmed that the bug resided in libimagecodec.quram.so, a proprietary image-processing library developed by Quramsoft. The flaw was caused by an out-of-bounds write, which allowed attackers to remotely execute arbitrary code on vulnerable devices.
The company stressed that it is aware of active exploitation of the vulnerability in real-world attacks.
While Samsung did not specify whether the attacks were limited to WhatsApp users, researchers warn that any messenger using the vulnerable library could be exploited via CVE-2025-21043.
Industry-Wide Findings
“As part of a proactive investigation into targeted exploitation in the summer of 2025 (which led to us issuing guidance for WhatsApp users on iOS and macOS), we shared our findings with industry peers, including Apple and Samsung,” a Meta spokesperson told BleepingComputer.
“Apple patched a related vulnerability (CVE-2025-43300) last month, and Samsung has now released a patch for SVE-2025-1702 and published its security bulletin.”
This patch comes amid a series of high-profile flaws discovered across messaging platforms. In late August, WhatsApp developers fixed another zero-click vulnerability (CVE-2025-55177) in their iOS and macOS clients. That flaw was reportedly exploited alongside CVE-2025-43300 in sophisticated attacks targeting specific users.
Mitigation Guidance
At the time of that earlier fix, WhatsApp recommended that affected users perform a full factory reset of their devices and keep both the operating system and WhatsApp updated to maintain optimal protection. Samsung has given similar advice in its latest bulletin.