CISA Warns of Samsung Mobile Devices 0-Day RCE Vulnerability Exploited in Attacks

CISA has added a critical zero-day vulnerability affecting Samsung mobile devices to its Known Exploited Vulnerabilities (KEV) catalog, warning that threat actors are actively exploiting the flaw in real-world attacks.

The vulnerability, tracked as CVE-2025-21042, is an out-of-bounds write vulnerability in the libimagecodec.quram.so library on Samsung mobile devices.

This security flaw allows remote attackers to execute arbitrary code on vulnerable devices without user interaction, making it particularly dangerous and prone to widespread exploitation.

Samsung 0-Day RCE Vulnerability Exploited

The vulnerability is classified under CWE-787, which represents out-of-bounds write flaws that can lead to memory corruption and unauthorized code execution.

CISA researchers have confirmed that attackers are leveraging this zero-day to compromise Samsung smartphones. However, specific details about the attack campaigns remain limited.

CISA’s decision to add CVE-2025-21042 to the KEV catalog on November 10, 2025, signals that federal agencies have confirmed active exploitation attempts targeting this vulnerability.

While it remains unknown whether the flaw has been weaponized in ransomware campaigns, the remote code execution capability poses significant risks to both individual users and enterprise environments.

| CVE ID | Description | Impact | CWE |
|---|---|---|---|
| CVE-2025-21042 | Out-of-Bounds Write Vulnerability in libimagecodec.quram.so | Remote Code Execution (RCE) | CWE-787 |

Exploiting the vulnerability could enable attackers to gain complete control of affected devices, potentially leading to data theft, surveillance, or the use of compromised smartphones as entry points into corporate networks.

Federal agencies must apply security patches and mitigations by December 1, 2025, according to CISA’s Binding Operational Directive 22-01.

Samsung users across all sectors should immediately check for available security updates and install them without delay.

Organizations that cannot immediately patch vulnerable devices should implement compensating controls or consider discontinuing use until fixes become available.

Samsung’s September 2025 patch for CVE-2025-21043 addressed a related zero-day in the same library.

Users should remain vigilant and only download applications from trusted sources while monitoring their devices for suspicious activity.
