
Samsung has patched a remote code execution vulnerability that was exploited in zero-day attacks targeting its Android devices.
Tracked as CVE-2025-21043, this significant security defect affects Samsung devices and was reported by the security teams of Meta and WhatsApp on 13 August.
As mentioned in Samsung's recently updated advisory, this vulnerability was discovered in libimagecodec.quram.so (a closed-source image parsing library developed by Quramsoft that implements support for various image formats) and is caused by an out-of-bounds write weakness.
Samsung says, “Out-of-bounds write in libimagecodec.quram.so before SMR Sep-2025 Release 1 allows remote attackers to execute arbitrary code.” “Samsung was informed that an exploit for this issue is present in the wild.”
While Samsung did not specify whether the attacks targeted only WhatsApp users with Samsung Android devices, other instant messengers that use the vulnerable image parsing library could potentially also be targeted using CVE-2025-21043 exploits.
A Meta spokesperson told BleepingComputer, “As part of our active investigation into highly targeted exploitation in the summer (resulting in our security advisory for iOS/macOS WhatsApp users), we shared our conclusions with our industry partners, including Apple and Samsung.”
“Apple mitigated the related high-severity vulnerability (CVE-2025-43300) last month. Samsung also released a patch for SVE-2025-1702 and published its security advisory this week.”
At the end of August, WhatsApp also patched a zero-click vulnerability (CVE-2025-55177) in its iOS and macOS messaging clients, which was chained with an Apple zero-day defect (CVE-2025-43300) in “highly refined” targeted zero-day attacks.
At that time, WhatsApp urged potentially affected users to keep their devices and software up to date and to reset their devices to factory settings.
Although Apple and WhatsApp have not released any details about CVE-2025-55177 and CVE-2025-43300, Donncha Ó Cearbhaill (head of Amnesty International’s Security Lab) said that WhatsApp has warned some users that their devices were targeted in an advanced spyware campaign.
Spokespersons for Samsung and Meta were not immediately available for comment when contacted by BleepingComputer today.
Earlier this month, hackers began deploying malware on devices left unpatched against an unpublished remote code execution (RCE) vulnerability in the Samsung MagicINFO 9 Server, a centralized content management system (CMS) used by airports, retail chains, hospitals, enterprises and restaurants.
September 12, update 10:17 EDT: Meta statement added.


