CISA has added a critical zero-day vulnerability affecting Samsung mobile devices to its Known Exploited Vulnerabilities catalog, warning that threat actors are actively exploiting the flaw in real-world attacks.
The vulnerability, tracked as CVE-2025-21042, is an out-of-bounds write vulnerability in the libimagecodec.quram.so library on Samsung mobile devices.
This security flaw allows remote attackers to execute arbitrary code on vulnerable devices without user interaction, making it particularly dangerous and prone to widespread exploitation.
Samsung 0-Day RCE Vulnerability Exploited
The vulnerability is classified under CWE-787, which represents out-of-bounds write flaws that can lead to memory corruption and unauthorized code execution.
CISA researchers have confirmed that attackers are leveraging this zero-day to compromise Samsung smartphones. However, specific details about the attack campaigns remain limited.
CISA’s decision to add CVE-2025-21042 to the KEV catalog on November 10, 2025, signals that federal agencies have confirmed active exploitation attempts targeting this vulnerability.
While it remains unknown whether the flaw has been weaponized in ransomware campaigns, the remote code execution capability poses significant risks to both individual users and enterprise environments.
| CVE ID | Description | Impact | CWE |
|---|---|---|---|
| CVE-2025-21042 | Out-of-Bounds Write Vulnerability in libimagecodec.quram.so | Remote Code Execution (RCE) | CWE-787 |
Exploiting the vulnerability could enable attackers to gain full control of affected devices, potentially leading to data theft, surveillance, or the use of compromised smartphones as entry points into corporate networks.
Federal agencies must apply security patches and mitigations by December 1, 2025, according to CISA’s Binding Operational Directive 22-01.
Samsung users across all sectors should immediately check for available security updates and install them at once.
Organizations that cannot immediately patch vulnerable devices should implement compensating controls or consider discontinuing use until fixes become available.
Samsung’s September 2025 patch for CVE-2025-21043 addressed a related zero-day in the same library.
Users should remain vigilant and only download applications from trusted sources while monitoring their devices for suspicious activity.
