CVE-2025-21042
Published: 12 September 2025
Summary
CVE-2025-21042 is a high-severity Out-of-bounds Write (CWE-787) vulnerability in Samsung Android. Its CVSS base score is 8.8 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Client Execution (T1203); ranked in the top 10.7% of CVEs by exploit likelihood; CISA has added it to the Known Exploited Vulnerabilities catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-2 (Flaw Remediation) and RA-5 (Vulnerability Monitoring and Scanning).
Deeper analysis
CVE-2025-21042 is an out-of-bounds write vulnerability in libimagecodec.quram.so, present in versions prior to Samsung's SMR Apr-2025 Release 1. The flaw is tracked under CWE-787 and carries a CVSS 3.1 score of 8.8, reflecting network attack vectors with low complexity that require user interaction but grant full confidentiality, integrity, and availability impact.
Remote attackers can exploit the issue to execute arbitrary code on affected devices. The attack requires no authentication and can be delivered over the network, typically through crafted image content that triggers the memory corruption when processed by the vulnerable library.
Samsung's April 2025 security maintenance release addresses the flaw through updated firmware. The vulnerability also appears in CISA's Known Exploited Vulnerabilities catalog, confirming active exploitation in the wild, while public reporting links it to commercial Android spyware campaigns. The associated EPSS score remains flat at 0.0441 with no material increase since disclosure.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-29029
Vulnerability details
Out-of-bounds write in libimagecodec.quram.so prior to SMR Apr-2025 Release 1 allows remote attackers to execute arbitrary code.
- CWE(s)
- KEV Date Added
- 10 November 2025
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Out-of-bounds write in client-side image codec library directly enables remote arbitrary code execution on Android devices via malicious content processing (user interaction required).
CVEs Like This One
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
Timely remediation via the SMR Apr-2025 Release 1 patch directly eliminates the out-of-bounds write vulnerability in libimagecodec.quram.so, preventing arbitrary code execution.
Vulnerability scanning identifies unpatched Samsung Android devices affected by CVE-2025-21042, enabling prioritization for flaw remediation.
Memory protection mechanisms like ASLR and non-executable memory hinder exploitation of the out-of-bounds write for reliable remote code execution.