Advisory

Samsung patches critical vulnerability exploited in targeted attacks on Galaxy devices

Take action: If you have a Samsung phone, keep up with the updates and make sure to update to the September 2025 patch when it's available. All Samsung phones have a flaw that's actively exploited. Waiting an hour for the update to finish is easier than hoping you won't be hacked.


Learn More

Samsung has patched multiple security vulnerabilities as part of its September 2025 Security Maintenance Release (SMR), including a critical severity flaw that was actively exploited in zero-day attacks. 

Vulnerabilities summary

Actively exploited vulnerability:

  • CVE-2025-21043: a flaw in libimagecodec.quram.so, a closed-source image parsing library developed by Quramsoft that implements support for various image formats. This is an out-of-bounds write weakness that allows remote attackers to execute arbitrary code on vulnerable Samsung devices, potentially compromising user data and device functionality. Samsung confirmed that they "were notified that an exploit for this issue has existed in the wild".

Critical vulnerabilities:

  • CVE-2025-48539 (Android Security Bulletin)
  • CVE-2025-27034 (Android Security Bulletin)
  • CVE-2025-21043 (Samsung-specific: Out-of-bounds write in libimagecodec.quram.so)

High severity vulnerabilities (Android Security Bulletin):

  • CVE-2025-48543, CVE-2025-0089, CVE-2025-48540, CVE-2025-48546, CVE-2025-48548, CVE-2025-48549, CVE-2025-48552, CVE-2025-48553, CVE-2025-48556, CVE-2025-48558, CVE-2025-48563, CVE-2025-48537, CVE-2025-48545, CVE-2025-48560, CVE-2025-48561, CVE-2025-48562, CVE-2025-48538, CVE-2025-48542, CVE-2025-48550, CVE-2025-48554, CVE-2025-48559, CVE-2023-40130, CVE-2025-26464, CVE-2025-32323, CVE-2025-32327, CVE-2025-48532, CVE-2025-48535, CVE-2025-48541, CVE-2025-48544, CVE-2025-48547, CVE-2025-48581, CVE-2025-26447, CVE-2025-48551, CVE-2025-48524, CVE-2025-48534, CVE-2024-7881, CVE-2024-47898, CVE-2024-47899, CVE-2025-0467, CVE-2025-46710, CVE-2025-25179, CVE-2025-25180, CVE-2025-8109, CVE-2025-1706, CVE-2025-21701, CVE-2025-21756, CVE-2025-1246, CVE-2025-46708, CVE-2025-46707, CVE-2025-38352, CVE-2025-27032, CVE-2025-21482, CVE-2025-47326, CVE-2025-47329, CVE-2025-47328, CVE-2025-20708, CVE-2025-20703, CVE-2025-3212

Samsung Semiconductor high severity:

  • CVE-2025-32100

The security update also addresses 25 Samsung Vulnerabilities and Exposures (SVE) items, including moderate severity issues affecting various Samsung system components such as One UI Home, ContactProvider, ImsService, and ThemeManager. 

Affected devices include all Samsung Galaxy smartphones running Android 13, 14, 15, and 16. The vulnerability in libimagecodec.quram.so affects a core system library used for image processing across the Samsung ecosystem. 

Unlike Apple's unified update distribution, Samsung's patch deployment follows a staggered rollout by device model, region, and carrier, meaning users must wait for their specific device and location to receive the update.

Samsung has urged all users with eligible devices to install the September 2025 SMR update immediately when it's available and reboot their devices to ensure proper patch implementation. 
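
Because the rollout is staggered, a fleet owner needs to track which Galaxy devices have actually received the update. The following is an added example, not part of the original advisory: it triages a device inventory by Android release and reported security patch level. The CSV column names, the sample rows, and the assumption that a device carrying the September 2025 SMR reports a patch level of 2025-09-01 or later are all assumptions of this example.

```python
import csv
import io
from datetime import date

# Assumption: a device with the September 2025 SMR reports an Android security
# patch level (ro.build.version.security_patch) of 2025-09-01 or later.
REQUIRED_PATCH = date(2025, 9, 1)
# Android releases the advisory lists as affected.
AFFECTED_ANDROID = {13, 14, 15, 16}

# Constructed sample inventory; serials and column names are hypothetical.
SAMPLE_INVENTORY = """serial,model,android_release,security_patch
R58N000001,SM-S928B,15,2025-09-01
R58N000002,SM-A546E,14,2025-08-01
R58N000003,SM-G991U,13,2025-06-05
R58N000004,SM-X710,16,
R58N000005,SM-T510,11,2022-10-01
R58N000006,SM-S911B,15,Sep 2025
"""


def classify(android_release, security_patch):
    """Return patched, needs_update, out_of_scope or unknown for one device."""
    try:
        release = int(android_release.split(".")[0])
    except ValueError:
        return "unknown"
    if release not in AFFECTED_ANDROID:
        # Not one of the releases named in the advisory; review separately.
        return "out_of_scope"
    try:
        level = date.fromisoformat(security_patch.strip())
    except ValueError:
        # Empty or free-text patch level: do not assume the device is patched.
        return "unknown"
    return "patched" if level >= REQUIRED_PATCH else "needs_update"


def triage(inventory_csv):
    """Group device serials by status so follow-up can be prioritised."""
    result = {}
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        status = classify(row["android_release"], row["security_patch"] or "")
        result.setdefault(status, []).append(row["serial"])
    return result


if __name__ == "__main__":
    for status, serials in sorted(triage(SAMPLE_INVENTORY).items()):
        print(f"{status}: {', '.join(serials)}")
```

Devices in the unknown group should be checked by hand rather than counted as patched, since a missing or unparseable patch level says nothing about the installed firmware.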
