Cyber Resilience

CVE-2025-21042

HighCISA KEVActive ExploitationEUVD Exploited

Published: 12 September 2025

Published
12 September 2025
Modified
12 November 2025
KEV Added
10 November 2025
Patch
CVSS Score v3.1 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS Score 0.0441 89.3th percentile
Risk Priority 40 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-21042 is a high-severity Out-of-bounds Write (CWE-787) vulnerability in Samsung Android. Its CVSS base score is 8.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Client Execution (T1203); ranked in the top 10.7% of CVEs by exploit likelihood; CISA has added it to the Known Exploited Vulnerabilities catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-2 (Flaw Remediation) and RA-5 (Vulnerability Monitoring and Scanning).

Deeper analysis

CVE-2025-21042 is an out-of-bounds write vulnerability in libimagecodec.quram.so, present in versions prior to Samsung's SMR Apr-2025 Release 1. The flaw is tracked under CWE-787 and carries a CVSS 3.1 score of 8.8, reflecting network attack vectors with low complexity that require user interaction but grant full confidentiality, integrity, and availability impact.

Remote attackers can exploit the issue to execute arbitrary code on affected devices. The attack requires no authentication and can be delivered over the network, typically through crafted image content that triggers the memory corruption when processed by the vulnerable library.

Samsung's April 2025 security maintenance release addresses the flaw through updated firmware. The vulnerability also appears in CISA's Known Exploited Vulnerabilities catalog, confirming active exploitation in the wild, while public reporting links it to commercial Android spyware campaigns. The associated EPSS score remains flat at 0.0441 with no material increase since disclosure.

EU & UK References

Vulnerability details

Out-of-bounds write in libimagecodec.quram.so prior to SMR Apr-2025 Release 1 allows remote attackers to execute arbitrary code.

CWE(s)
KEV Date Added
10 November 2025

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1203 Exploitation for Client Execution Execution
Adversaries may exploit software vulnerabilities in client applications to execute code.
Why these techniques?

Out-of-bounds write in client-side image codec library directly enables remote arbitrary code execution on Android devices via malicious content processing (user interaction required).

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2025-21043Same product: Samsung Androidboth on KEV
CVE-2025-20881Same product: Samsung Android
CVE-2025-20882Same product: Samsung Android
CVE-2025-20888Same product: Samsung Android
CVE-2025-20890Same product: Samsung Android
CVE-2026-20983Same product: Samsung Android
CVE-2025-20903Same product: Samsung Android
CVE-2025-20931Same vendor: Samsung
CVE-2026-21020Same product: Samsung Android
CVE-2026-20979Same product: Samsung Android

Affected Assets

samsung
android
13.0, 14.0, 15.0

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Timely remediation via the SMR Apr-2025 Release 1 patch directly eliminates the out-of-bounds write vulnerability in libimagecodec.quram.so, preventing arbitrary code execution.

detect

Vulnerability scanning identifies unpatched Samsung Android devices affected by CVE-2025-21042, enabling prioritization for flaw remediation.

prevent

Memory protection mechanisms like ASLR and non-executable memory hinder exploitation of the out-of-bounds write for reliable remote code execution.

References