Samsung has released its monthly security updates for Android, including a fix for a safety vulnerability that has been exploited in zero-day attacks.
Religion, Cve-2025-21043 (CVSS Score: 8.8), worrys of writing an out-of-bound, resulting in arbitrary code execution.
Samsung said in an advice, “SMR-2025 release 1 before Libimagecodec.Quram.so allows 1 remote attackers to execute arbitrary codes.” “The patch fixed the wrong implementation.”
According to the 2020 report by the Google Project Zero, Libimagecodec.Quram.so is a closed-source image parsing library developed by Quramsoft that applies support for various image formats.
According to the South Korean electronics giants, the important rated issue affects the Android version 13, 14, 15 and 16. The vulnerability was reported to the company on August 13, 2025.
Samsung did not share any nuances on how the vulnerability is being exploited in the attacks and who can be behind these efforts. However, it was accepted that “an exploitation for the issue is present in the wild.”
Google said that it said shortly after resolving two security flaws in Android (CVE-2025-38352 and CVE-2025-48543), it said that it has been said that it has been exploited in the targeted attacks.
