Samsung patched **CVE-2025-21043**, a **critical remote code execution (RCE) vulnerability** in **libimagecodec.quram.so**, a closed-source image parsing library by Quramsoft. The flaw, an **out-of-bounds write weakness**, allowed attackers to inject malicious code via **specially crafted image files**, compromising devices **without user interaction** (zero-click). Exploited in live attacks since August 2025, it posed a severe risk to **Android 13–16 devices**, including those using WhatsApp and other messaging apps.

The vulnerability granted attackers **direct access to user data**, potentially enabling **data theft, surveillance, or further system compromise**. While Samsung’s September 2025 Security Maintenance Release addressed the issue, delayed patching left users exposed to **active exploitation**. Security experts emphasized the urgency of updates, warning that unpatched devices remained vulnerable to **highly targeted campaigns**, similar to a prior WhatsApp zero-click flaw (CVE-2025-55177) chained with an Apple zero-day.

The incident underscores the **criticality of third-party library risks** and the need for **proactive patch management** to mitigate large-scale breaches. Failure to update could result in **widespread data exposure**, financial fraud, or further supply-chain attacks leveraging the same library.
Source: https://hackread.com/samsung-android-image-parsing-vulnerability-attacks/
TPRM report: https://www.rankiteo.com/company/samsungsemiconductor
"id": "sam2902029091525",
"linkid": "samsungsemiconductor",
"type": "Vulnerability",
"date": "8/2025",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"
{'affected_entities': [{'customers_affected': 'Samsung Android Users (Android '
'13–16)',
'industry': 'Technology (Consumer Electronics)',
'location': 'Suwon, South Korea',
'name': 'Samsung Electronics',
'size': 'Large (Global)',
'type': 'Corporation'},
{'customers_affected': 'Potential WhatsApp Users on '
'Samsung Devices',
'industry': 'Technology (Messaging)',
'location': 'Menlo Park, California, USA',
'name': 'WhatsApp (Meta)',
'size': 'Large (Global)',
'type': 'Subsidiary'},
{'industry': 'Software Development',
'location': 'Yongin, South Korea',
'name': 'Quramsoft',
'type': 'Software Vendor'}],
'attack_vector': ['Malicious Image Files',
'Closed-Source Library Exploitation '
'(libimagecodec.quram.so)'],
'customer_advisories': ['Urgent update notification for Samsung Android '
'users'],
'date_detected': '2025-08',
'date_publicly_disclosed': '2025-09',
'date_resolved': '2025-09',
'description': 'Samsung has patched a serious security vulnerability '
'(CVE-2025-21043) in its Android devices, which was actively '
'exploited by hackers. The flaw, an out-of-bounds write '
'weakness in the closed-source image parsing library '
"'libimagecodec.quram.so' (developed by Quramsoft), allowed "
'attackers to execute remote code by sending malicious image '
'files. Users could be compromised without interaction. The '
'issue was reported in August 2025 by Meta and WhatsApp '
"security teams and addressed in Samsung's September 2025 "
'Security Maintenance Release. The update also includes '
'patches for other high/critical flaws affecting Android 13–16 '
'devices.',
'impact': {'brand_reputation_impact': ['Potential Reputation Risk Due to '
'Critical Vulnerability'],
'data_compromised': ['Potential User Data (via RCE)'],
'identity_theft_risk': ['High (if RCE led to data exfiltration)'],
'systems_affected': ['Samsung Android Devices (Android 13–16)']},
'initial_access_broker': {'entry_point': ['Malicious Image Files via '
'Messaging Apps (e.g., WhatsApp)']},
'investigation_status': 'Resolved (Patched)',
'lessons_learned': ['Critical vulnerabilities in closed-source libraries can '
'have wide-ranging impacts across multiple apps/devices.',
'Zero-click exploits underscore the need for proactive '
'patching even without user interaction.',
'Collaboration between vendors (Samsung, Meta/WhatsApp) '
'is essential for rapid mitigation.'],
'post_incident_analysis': {'corrective_actions': ['Released September 2025 '
'Security Maintenance '
'Release with '
'CVE-2025-21043 patch.',
'Collaborated with '
'Meta/WhatsApp for '
'vulnerability disclosure.',
'Included additional '
'patches for related flaws '
'in Android 13–16.'],
'root_causes': ['Out-of-bounds write vulnerability '
"in Quramsoft's "
'libimagecodec.quram.so library.',
'Lack of input validation for '
'image file parsing.',
'Delayed patching timeline '
'(reported in August, patched in '
'September).']},
'recommendations': ['Users should immediately install the September 2025 '
'security update.',
'Organizations should prioritize patch management for '
'third-party libraries.',
'Monitor for unusual activity in messaging apps (e.g., '
'WhatsApp) as potential attack vectors.',
'Adopt security hygiene practices like enabling automatic '
'updates.'],
'references': [{'source': 'Samsung Security Advisory (September 2025)'},
{'source': 'Meta/WhatsApp Security Bulletin (August 2025)'},
{'source': 'Black Duck (Nivedita Murthy, Senior Staff '
'Consultant)'}],
'response': {'communication_strategy': ['Public Advisory for Users to Update '
'Devices',
'Expert Recommendations (e.g., Black '
'Duck)'],
'containment_measures': ['September 2025 Security Maintenance '
'Release (Patch)'],
'incident_response_plan_activated': True,
'remediation_measures': ['Patch for CVE-2025-21043',
'Additional Patches from Google and '
'Samsung Semiconductor'],
'third_party_assistance': ['Meta Security Teams',
'WhatsApp Security Teams']},
'stakeholder_advisories': ['Public patch release',
'Expert commentary (e.g., Black Duck)'],
'title': 'Samsung Patches Critical Remote Code Execution Vulnerability '
'(CVE-2025-21043) in Android Devices',
'type': ['Vulnerability Exploitation',
'Remote Code Execution (RCE)',
'Zero-Click Attack'],
'vulnerability_exploited': 'CVE-2025-21043 (Out-of-Bounds Write in '
'libimagecodec.quram.so)'}