Samsung’s September 2025 safety updates for Android units embody a patch for a vulnerability that has been exploited within the wild.
The exploited bug, tracked as CVE-2025-21043 (CVSS rating of 8.8), is described as an out-of-bounds write difficulty within the libimagecodec.quram.so picture parsing library, which is utilized by purposes that course of pictures on Samsung units.
In keeping with Samsung, profitable exploitation of the safety defect permits distant attackers to execute arbitrary code on weak units.
“Samsung was notified that an exploit for this difficulty has existed within the wild,” the cell phone maker notes in its advisory.
The corporate has not shared particulars on the flaw, nor on the noticed exploitation, however credited the Meta and WhatsApp safety groups for reporting it on August 13.
The timing of the report and the truth that the Samsung zero-day was in a core picture library means that CVE-2025-21043 may need been exploited in assaults concentrating on WhatsApp customers, simply as was CVE-2025-43300, an out-of-bounds write difficulty within the ImageIO framework part of iOS, iPadOS, and macOS.
The Apple bug, WhatsApp mentioned two weeks in the past, was seemingly chained with a WhatsApp vulnerability tracked as CVE-2025-55177 in “a classy assault towards particular focused customers”.
The Meta-owned communication platform mentioned on the time it had notified lower than 200 customers of potential assaults concentrating on their units.Commercial. Scroll to proceed studying.
WhatsApp’s late August advisory made no point out of CVE-2025-55177 being exploited towards Android customers, though Amnesty Worldwide’s Donncha Ó Cearbhaill mentioned that each iPhone and Android customers had been impacted. The assaults had been attributed to spy ware distributors.
“Early indications are that the WhatsApp assault is impacting each iPhone and Android customers, civil society people amongst them. Authorities spy ware continues to pose a risk to journalists and human rights defenders,” Ó Cearbhaill mentioned.
SecurityWeek has emailed each Samsung and WhatsApp for clarification and can replace this text if the 2 firms reply.
Associated: Hackers Exploit Sitecore Zero-Day for Malware Supply
Associated: Two Exploited Vulnerabilities Patched in Android
Associated: Sangoma Patches Vital Zero-Day Exploited to Hack FreePBX Servers
Associated: Citrix Patches Exploited NetScaler Zero-Day
