Samsung Users: Update Now to Patch Critical Zero-Day Vulnerability
Samsung has released its September 2025 security updates for Android, addressing a critical zero-day vulnerability that had already been exploited in the wild. The flaw, tracked as CVE-2025-21043 and rated 8.8 on the CVSS scale, is an out-of-bounds write (a form of buffer overflow) in the image-decoding library libimagecodec.quram.so that lets a remote attacker execute arbitrary code on affected devices.
In its official advisory, the South Korean manufacturer attributed the issue to an improper implementation within libimagecodec.quram.so, a closed-source image-parsing library developed by Quramsoft that handles a wide range of image formats.
The flaw allows data to be written beyond the bounds of the allocated buffer, giving an attacker a memory-corruption primitive that can be turned into code execution. It affects devices running Android 13, 14, 15 and 16 and was privately reported to Samsung on August 13, 2025. The fix ships in the SMR September-2025 Release 1 update; a device that has received it reports a security patch level of September 1, 2025 or later under Settings > About phone > Software information.
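To make the bug class concrete, here is an added illustration of how an image decoder ends up writing past its buffer and how a hardened parser refuses the same input. It is example code written for this article, not code from Samsung, Quramsoft or libimagecodec.quram.so (whose internals are not public), and it uses a made-up container format ("TIMG") with assumed field layout and a hypothetical 64 Mi-pixel policy cap. The vulnerable path is only analysed, never executed, because the real out-of-bounds write would be undefined behaviour.

```c
/* Toy image container, constructed for this illustration; it is NOT the
 * format handled by libimagecodec.quram.so, whose internals are not public.
 *   bytes 0..3   magic "TIMG"
 *   bytes 4..7   width  (uint32, little-endian)
 *   bytes 8..11  height (uint32, little-endian)
 *   bytes 12..   width*height bytes of 8-bit pixels
 */
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

#define TIMG_HDR_LEN    12
#define TIMG_MAX_PIXELS (64u * 1024u * 1024u)   /* assumed policy cap: 64 Mi pixels */

static uint32_t rd_u32le(const uint8_t *p)
{
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* Vulnerable pattern (analysis only, nothing is written): the pixel count
 * is computed in 32-bit arithmetic, so width*height wraps modulo 2^32.
 * A decoder that allocates this many bytes and then copies `height` rows
 * of `width` bytes writes far beyond the end of its buffer. */
uint32_t unchecked_alloc_size(const uint8_t *img)
{
    uint32_t w = rd_u32le(img + 4), h = rd_u32le(img + 8);
    return w * h;                         /* silently wraps */
}

/* Bytes the row-copy loop of that decoder would actually write. */
unsigned long long unchecked_bytes_written(const uint8_t *img)
{
    unsigned long long w = rd_u32le(img + 4), h = rd_u32le(img + 8);
    return w * h;
}

/* Hardened header parse: checks the magic, rejects zero or oversized
 * dimensions, does the multiplication overflow check with a division
 * (no UB), and requires the pixel payload to be fully present so the
 * decoder cannot read past the input either. Returns 0 on success. */
int timg_parse(const uint8_t *img, size_t len,
               uint32_t *w, uint32_t *h, size_t *npix)
{
    if (len < TIMG_HDR_LEN || memcmp(img, "TIMG", 4) != 0) return -1;
    uint32_t tw = rd_u32le(img + 4), th = rd_u32le(img + 8);
    if (tw == 0 || th == 0) return -1;
    if (tw > TIMG_MAX_PIXELS / th) return -1;   /* tw*th over the cap, or would overflow */
    size_t n = (size_t)tw * th;
    if (len - TIMG_HDR_LEN < n) return -1;      /* truncated input */
    *w = tw; *h = th; *npix = n;
    return 0;
}

/* Hardened decode into a caller-owned buffer. Every write is bounded by
 * dst_len, so a hostile header can only make the call fail, never corrupt
 * memory. Returns the number of pixel bytes written, or -1. */
long timg_decode(const uint8_t *img, size_t len, uint8_t *dst, size_t dst_len)
{
    uint32_t w, h; size_t n;
    if (timg_parse(img, len, &w, &h, &n) != 0 || n > dst_len) return -1;
    const uint8_t *src = img + TIMG_HDR_LEN;
    for (uint32_t row = 0; row < h; row++)
        memcpy(dst + (size_t)row * w, src + (size_t)row * w, w);
    return (long)n;
}

/* Build a constructed image: header plus `payload` bytes of a counting
 * pattern. Returns the total length, or 0 if `cap` is too small. */
size_t timg_build(uint8_t *out, size_t cap, uint32_t w, uint32_t h, size_t payload)
{
    if (cap < TIMG_HDR_LEN + payload) return 0;
    memcpy(out, "TIMG", 4);
    for (int i = 0; i < 4; i++) {
        out[4 + i] = (uint8_t)(w >> (8 * i));
        out[8 + i] = (uint8_t)(h >> (8 * i));
    }
    for (size_t i = 0; i < payload; i++) out[TIMG_HDR_LEN + i] = (uint8_t)i;
    return TIMG_HDR_LEN + payload;
}

int main(void)
{
    uint8_t evil[TIMG_HDR_LEN], good[TIMG_HDR_LEN + 8], pixels[8];
    /* 65536 x 65537: the 32-bit product wraps to exactly 65536. */
    timg_build(evil, sizeof evil, 0x10000u, 0x10001u, 0);
    printf("unchecked decoder would allocate %u bytes but write %llu\n",
           unchecked_alloc_size(evil), unchecked_bytes_written(evil));
    uint32_t w, h; size_t n;
    printf("hardened parse of the same header: %s\n",
           timg_parse(evil, sizeof evil, &w, &h, &n) == 0 ? "accepted" : "rejected");
    size_t len = timg_build(good, sizeof good, 4, 2, 8);
    printf("hardened decode of a valid 4x2 image: %ld bytes\n",
           timg_decode(good, len, pixels, sizeof pixels));
    return 0;
}
```

The crafted header is the whole attack: a 64 KiB allocation paired with a multi-gigabyte copy. Real exploits pick dimensions so the overrun lands on something useful rather than crashing, which is why a parser for untrusted images must bound both the computed size and the destination length before a single byte is copied.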
Although Samsung confirmed that the bug had been weaponized in real-world attacks, it withheld details on how the exploit chain was carried out or who was behind the intrusions. Such caution is typical when investigations remain ongoing or when public disclosure of technical specifics could trigger further waves of exploitation.
The fix followed closely on Google’s September Android Security Bulletin, which patched two other actively exploited flaws, CVE-2025-38352 (a race condition in the Linux kernel’s POSIX CPU timers) and CVE-2025-48543 (in the Android Runtime). Both are elevation-of-privilege bugs that Google said showed signs of limited, targeted exploitation.
September has thus proven to be a turbulent month for the Android ecosystem: several severe vulnerabilities were simultaneously exploited in the wild, forcing vendors to rush out emergency updates in order to safeguard users.