CVE-2025-21042

CVSS 8.8 HIGH | EPSS 11.6% | KEV

In short

A flaw in libimagecodec.quram.so allows attackers to write data beyond memory boundaries, potentially letting them run malicious code on affected devices. It affects Samsung phones running firmware older than the April 2025 security update (SMR Apr-2025 Release 1).

Technical detail

An out-of-bounds write vulnerability in libimagecodec.quram.so enables remote code execution via crafted image files. The attack vector is remote (malicious image input) and requires no authentication. Impact includes arbitrary code execution with the privileges of the affected process. The issue is patched in SMR Apr-2025 Release 1.

Summary generated and translated by AI from the official description.
Out-of-bounds write in libimagecodec.quram.so prior to SMR Apr-2025 Release 1 allows remote attackers to execute arbitrary code.
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H