CISA Warns of Samsung Mobile Devices 0-Day RCE Vulnerability Exploited in Attacks

Posted on By CWS

CISA has added a vital zero-day vulnerability affecting Samsung cellular units to its Identified Exploited Vulnerabilities catalog. Warning that menace actors are actively exploiting the flaw in real-world assaults.

The vulnerability, tracked as CVE-2025-21042, is an out-of-bounds write vulnerability within the libimagecodec.quram.so library on Samsung cellular units.

This safety flaw permits distant attackers to execute arbitrary code on susceptible units with out consumer interplay, making it notably harmful and liable to widespread exploitation.

Samsung 0-Day RCE Vulnerability Exploited

The vulnerability is assessed below CWE-787, which represents out-of-bounds write flaws that may result in reminiscence corruption and unauthorized code execution.

The CISA researchers have confirmed that attackers are leveraging this zero-day to compromise Samsung smartphones. Nevertheless, particular particulars in regards to the assault campaigns stay restricted.

CISA’s choice so as to add CVE-2025-21042 to the KEV catalog on November 10, 2025, alerts that federal companies have confirmed lively exploitation makes an attempt focusing on this vulnerability.

Whereas it stays unknown whether or not the flaw has been weaponized in ransomware campaigns, the distant code execution functionality poses important dangers to each particular person customers and enterprise environments.

CVE IDDescriptionImpactCWECVE-2025-21042Out-of-Bounds Write Vulnerability in libimagecodec.quram.soRemote Code Execution (RCE)CWE-787

Exploiting the vulnerability may allow attackers to achieve full management of affected units, doubtlessly resulting in knowledge theft, surveillance, or using compromised smartphones as entry factors into company networks.

Federal companies should apply safety patches and mitigations by December 1, 2025, based on CISA’s Binding Operational Directive 22-01.

Samsung customers throughout all sectors ought to instantly verify for out there safety updates and set up them directly.

Organizations that can’t instantly patch susceptible units ought to implement compensating controls or think about discontinuing use till fixes turn into out there.

Samsung’s September 2025 patch for CVE-2025-21043 addressed a associated zero-day in the identical library

Customers ought to stay vigilant and solely obtain purposes from trusted sources whereas monitoring their units for suspicious exercise.

Observe us on Google Information, LinkedIn, and X for day by day cybersecurity updates. Contact us to characteristic your tales.

Cyber Security News Tags:, , , , , , , , ,

Related Posts

QNAP NetBak Replicator Vulnerability Let Attackers Execute Unauthorized Code Cyber Security News
New Chinese Nexus APT Hackers Attacking Organizations to Deliver NET-STAR Malware Suite Cyber Security News
Samsung MagicINFO 9 Server Vulnerability Let Attackers Write Arbitrary File Cyber Security News
CISA Warns of Microsoft SharePoint Code Injection and Authentication Vulnerability Exploited in Wild Cyber Security News
Hackers Launch Widespread Attacks on Palo Alto GlobalProtect Portals from 7,000+ IPs Cyber Security News
NVIDIA and Lakera AI Propose Unified Framework for Agentic System Safety Cyber Security News