{“lastseen”:”2025-09-12T17:24:30″,”description”:”\\n\\nSamsung has released its monthly security updates for Android, including a fix for a security vulnerability that it said has been exploited in zero-day attacks.\\n\\nThe vulnerability, **CVE-2025-21043** (CVSS score: 8.8), concerns an out-of-bounds write that could result in arbitrary code execution.\\n\\n\\”Out-of-bounds Write in libimagecodec.quram.so prior to SMR Sep-2025 Release 1 allows remote attackers to execute arbitrary code,\\” Samsung said in an advisory. \\”The patch fixed the incorrect implementation.\\”\\n\\nAccording to a 2020 report from Google Project Zero, libimagecodec.quram.so is a closed-source image parsing library developed by Quramsoft that implements support for various image formats.\\n\\n\\n\\nThe critical-rated issue, per the South Korean electronics giant, affects Android versions 13, 14, 15, and 16. The vulnerability was privately disclosed to the company on August 13, 2025.\\n\\nSamsung did not share any specifics on how the vulnerability is being exploited in attacks and who may be behind these efforts. However, it acknowledged that \\”an exploit for this issue has existed in the wild.\\”\\n\\nThe development comes shortly after Google said it resolved two security flaws in Android (CVE-2025-38352 and CVE-2025-48543) that it said have been exploited in targeted attacks.\\n\\nFound this article interesting? Follow us on Google News, Twitter and LinkedIn to read more exclusive content we post.\\n”,”published”:”2025-09-12T15:16:00″,”modified”:”2025-09-12T15:16:34″,”type”:”thn”,”title”:”Samsung Fixes Critical Zero-Day CVE-2025-21043 Exploited in Android Attacks”,”source”:””,”references”:””,”id”:”THN:578D64022E805DCBC67DE834682D75E3″,”bulletinFamily”:”info”,”cwe”:null,”cvelist”:[“CVE-2025-21043″,”CVE-2025-38352″,”CVE-2025-48543″],”sourceData”:””,”sourceHref”:””,”cvss”:{“score”:8.8,”severity”:”HIGH”,”vector”:”CVSS:3.1\/AV:N\/AC:L\/PR:N\/UI:R\/S:U\/C:H\/I:H\/A:H”,”version”:”3.1″},”cvss2″:{},”cvss3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””,”cvssV3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””}},”href”:”https:\/\/thehackernews.com\/2025\/09\/samsung-fixes-critical-zero-day-cve.html”,”category_name”:”News”,”post_link”:””,”product”:””,”version”:””,”vendor”:””,”ai_description”:””,”ai_severity”:””,”ai_vendor”:””,”ai_product”:””,”ai_version”:””,”ai_score”:0}<\/p>\n","protected":false},"excerpt":{"rendered":"
{“lastseen”:”2025-09-12T17:24:30″,”description”:”\\n\\nSamsung has released its monthly security updates for Android, including a fix for a security vulnerability that it said has been exploited in zero-day attacks.\\n\\nThe…<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[4],"tags":[6,8,41,12,15,13,7,11,43,5],"class_list":["post-17259","post","type-post","status-publish","format-standard","hentry","category-category_news","tag-cve","tag-cvss","tag-cvss-88","tag-exploit","tag-high","tag-news","tag-security","tag-tapic","tag-thn","tag-vulnerability"],"yoast_head":"\n