Samsung has patched a serious security vulnerability that hackers were already using in live attacks against its Android devices. The issue, tracked as CVE-2025-21043, was first reported in August 2025 by the security teams at Meta and WhatsApp and has since been confirmed as a critical remote code execution vulnerability.
According to Samsung, the vulnerability was found in libimagecodec.quram.so, a closed-source image parsing library created by Quramsoft, a software company in Yongin, South Korea.
The vulnerability, an out-of-bounds write weakness, gave attackers a way to push malicious code onto vulnerable devices by sending specially prepared image files. In practice, this means that a user could be compromised without knowingly opening or downloading anything suspicious.
Samsung did not confirm whether attackers were only targeting WhatsApp users. However, the library is also used by other messaging apps, and attackers could try different ways to exploit the flaw, which is why it has been classified as critical.
In August, WhatsApp patched another serious flaw (CVE-2025-55177), a zero-click vulnerability on iOS and macOS that was chained with an Apple zero-day in highly targeted campaigns.
As for CVE-2025-21043, Samsung has now addressed the issue as part of its September 2025 Security Maintenance Release. Along with this fix, the update includes patches from Google and Samsung’s own semiconductor division, covering a long list of high and critical flaws affecting Android 13 through Android 16 devices.
Security experts are emphasising the importance of applying this update as soon as possible. Ms. Nivedita Murthy, Senior Staff Consultant at Black Duck, explained that vulnerabilities like this one can give attackers a direct line to user data.
“Both Samsung and WhatsApp have released patches to address this issue. Organisations should remain vigilant for new vulnerabilities to protect application security without compromise. Users should ensure their devices and installed software are updated to the latest versions. Keeping devices up to date is a fundamental aspect of basic security hygiene; users should follow system notifications to stay current,” she said.
Samsung users must check for the September 2025 security update and install it promptly. As always, timely patching is the best defence against known and unknown cybersecurity threats.