Cyber Posture

CVE-2025-21042

HighCISA KEVActive Exploitation

Published: 12 September 2025

Published
12 September 2025
Modified
12 November 2025
KEV Added
10 November 2025
Patch
CVSS Score 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS Score 0.0330 87.3th percentile
Risk Priority 40 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-21042 is a high-severity Out-of-bounds Write (CWE-787) vulnerability in Samsung Android. Its CVSS base score is 8.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Client Execution (T1203); ranked in the top 12.7% of CVEs by exploit likelihood; CISA has added it to the Known Exploited Vulnerabilities catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-2 (Flaw Remediation) and RA-5 (Vulnerability Monitoring and Scanning).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploitation for Client Execution (T1203). What defenders deploy: see the NIST 800-53 controls recommended below.
Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)AI

SI-2 Flaw Remediation good match
prevent

Timely remediation via the SMR Apr-2025 Release 1 patch directly eliminates the out-of-bounds write vulnerability in libimagecodec.quram.so, preventing arbitrary code execution.

RA-5 Vulnerability Monitoring and Scanning partial match
detect

Vulnerability scanning identifies unpatched Samsung Android devices affected by CVE-2025-21042, enabling prioritization for flaw remediation.

SI-16 Memory Protection partial match
prevent

Memory protection mechanisms like ASLR and non-executable memory hinder exploitation of the out-of-bounds write for reliable remote code execution.

MITRE ATT&CK Enterprise TechniquesAI

T1203 Exploitation for Client Execution Execution
Adversaries may exploit software vulnerabilities in client applications to execute code.
attack.mitre.org →
Why these techniques?

Out-of-bounds write in client-side image codec library directly enables remote arbitrary code execution on Android devices via malicious content processing (user interaction required).

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

NVD Description

Out-of-bounds write in libimagecodec.quram.so prior to SMR Apr-2025 Release 1 allows remote attackers to execute arbitrary code.

Deeper analysisAI

CVE-2025-21042 is an out-of-bounds write vulnerability (CWE-787) in the libimagecodec.quram.so library prior to SMR Apr-2025 Release 1. This flaw affects Samsung Android devices, as detailed in the Samsung Mobile security bulletin for April 2025.

Remote attackers can exploit this vulnerability to execute arbitrary code. Per the CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H), exploitation requires network access and user interaction but no privileges, with high impacts on confidentiality, integrity, and availability.

Samsung's April 2025 security update (SMR Apr-2025 Release 1) patches this vulnerability. It appears in the CISA Known Exploited Vulnerabilities Catalog, urging prompt mitigation by federal agencies.

The vulnerability is associated with Landfall, a new commercial-grade Android spyware, according to Unit42 analysis.

Details

CWE(s)
CWE-787
KEV Date Added
10 November 2025

Affected Products

samsung
android
13.0, 14.0, 15.0

CVEs Like This One

CVE-2025-21043Same product: Samsung Androidboth on KEV
CVE-2025-20881Same product: Samsung Android
CVE-2025-20890Same product: Samsung Android
CVE-2025-20888Same product: Samsung Android
CVE-2025-20882Same product: Samsung Android
CVE-2026-20979Same product: Samsung Android
CVE-2026-20983Same product: Samsung Android
CVE-2026-21010Same product: Samsung Android
CVE-2026-20971Same product: Samsung Android
CVE-2025-20931Same vendor: Samsung

References