Samsung has released monthly security updates for Android. This includes fixing a security vulnerability that it said was exploited in a zero-day attack.
Vulnerability, CVE-2025-21043 (CVSS score: 8.8), about out-of-range writes that can result in arbitrary code execution.
“Bunds of bounds write so in libimagecodec.quram.s allows remote attackers to execute arbitrary code by using release 1 before SMR SEP-2025.” “The patch fixed an incorrect implementation.”
According to a 2020 report from Google Project Zero, LibimageCodec.Quram.SO is a closed-source image analysis library developed by QuramSoft, which implements support for a variety of image formats.
According to the Korean electronics giant, key ratings will affect Android versions 13, 14, 15 and 16. The vulnerability was made public to individuals on August 13th, 2025.
Samsung did not share details about how the vulnerabilities were exploited in the attacks and what could be behind these efforts. However, he acknowledged that “exploitation of this issue exists in the wild.”
This development comes shortly after Google said it had resolved two security flaws on Android (CVE-2025-38352 and CVE-2025-48543).
