Pierluigi Paganini
September 12, 2025
Samsung addressed the remote code execution vulnerability, tracked as CVE-2025-21043, that was exploited in zero-day attacks against Android users.
The vulnerability is an out-of-bounds write in libimagecodec.quram.so, affecting versions prior to SMR Sep-2025 Release 1. A remote attacker can exploit the flaw to execute arbitrary code.
An out-of-bounds write occurs when a program writes data beyond the boundaries of its allocated memory buffer, which can corrupt data, crash the program, or allow code execution by attackers.
The vulnerability was reported by the security teams of Meta and WhatsApp on August 13.
Samsung released a patch to fix the incorrect implementation.
In late August, WhatsApp sent out a round of threat notifications to individuals it believes were targeted by an advanced spyware campaign in the past 90 days. WhatsApp warned some users that a malicious message may have exploited OS flaws to compromise devices and data.
The attack requires no user interaction, meaning victims could be compromised without clicking a link or downloading a file. Such exploits are typically linked to well-resourced threat actors, including state-sponsored groups. WhatsApp urges recipients of the notification to review their devices for unusual behavior, update to the latest version, and enable enhanced security measures to reduce the risk of further compromise.
WhatsApp announced that it had already patched the flaw exploited by attackers, but risks remain.
Amnesty researchers who are investigating the attack report that the exploit targets an authorization bypass issue, tracked as CVE-2025-55177, in WhatsApp on iOS and Mac. The exploit allowed attackers to force “content from arbitrary URL” to be rendered on a target device. Threat actors also exploited a zero-click vulnerability, recently patched by Apple (CVE-2025-43300), in the attacks.