Samsung has launched its September 2025 safety replace, addressing a vital zero-day vulnerability that’s being actively exploited within the wild.
The patch resolves a complete of 25 Samsung Vulnerabilities and Exposures (SVEs), alongside fixes from Google and Samsung Semiconductor, to safeguard Galaxy units in opposition to a variety of safety threats.
Customers are strongly urged to put in the replace instantly to guard their units from potential distant code execution assaults.
Samsung Patches Actively Exploited Zero-Day
Probably the most extreme flaw addressed on this replace is tracked as CVE-2025-21043, a vital out-of-bounds write vulnerability within the libimagecodec.quram.so library. This vulnerability impacts units working Android variations 13, 14, 15, and 16.
A profitable exploit might permit a distant attacker to execute arbitrary code on a susceptible gadget, seemingly by tricking the consumer into processing a specifically crafted picture.
Samsung has confirmed that an exploit for this challenge already exists, elevating the urgency for customers to use the patch.
The safety groups at Meta and WhatsApp privately disclosed the vulnerability. The patch corrects the inaccurate implementation that led to the flaw.
The September Safety Upkeep Launch (SMR) additionally contains patches for 2 different high-severity vulnerabilities. The primary, CVE-2025-32100, was famous within the bulletin with out particular particulars however is rated as excessive severity.
One other important repair, recognized as CVE-2025-21034, addresses an out-of-bounds write vulnerability within the libsavsvc.so library.
This flaw might permit an area attacker to execute arbitrary code, posing a critical danger if a malicious utility is already current on the gadget.
The patch mitigates this risk by including correct enter validation to stop reminiscence corruption.
Fixes And Replace Particulars
Past the vital and high-severity points, the replace resolves quite a few moderate-severity vulnerabilities throughout numerous system elements.
These embody improper entry management flaws in One UI House (CVE-2025-21032) that might let a bodily attacker bypass Kiosk mode, and a flaw in ContactProvider (CVE-2025-21033) permitting native attackers to entry delicate info.
Different patches deal with points within the ImsService that might result in name interruption or non permanent SIM disabling. The safety replace, designated SMR Sep-2025 Launch 1, will roll out to supported Galaxy smartphones and tablets within the coming weeks.
Customers can examine for the replace by navigating to Settings > Software program replace > Obtain and set up.
Discover this Story Attention-grabbing! Observe us on Google Information, LinkedIn, and X to Get Extra Instantaneous Updates.
