Cyber Resilience

CVE-2025-21043

HighCISA KEVActive ExploitationEUVD Exploited

Published: 12 September 2025

Published
12 September 2025
Modified
30 October 2025
KEV Added
02 October 2025
Patch
CVSS Score v3.1 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS Score 0.0491 89.8th percentile
Risk Priority 41 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-21043 is a high-severity Out-of-bounds Write (CWE-787) vulnerability in Samsung Android. Its CVSS base score is 8.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Client Execution (T1203); ranked in the top 10.2% of CVEs by exploit likelihood; CISA has added it to the Known Exploited Vulnerabilities catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-16 (Memory Protection) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2025-21043 is an out-of-bounds write vulnerability in libimagecodec.quram.so prior to SMR Sep-2025 Release 1. The flaw is tracked under CWE-787 and carries a CVSS 3.1 score of 8.8, reflecting a network-accessible issue that requires no privileges but does involve user interaction.

Remote attackers can exploit the weakness to execute arbitrary code on affected Samsung devices, with the attack vector, lack of required authentication, and high impact on confidentiality, integrity, and availability all confirmed by the CVSS vector string.

Samsung’s September 2025 security maintenance release addresses the issue, and the vulnerability appears in CISA’s known exploited vulnerabilities catalog, indicating confirmed in-the-wild use.

EPSS for the CVE rose from a low baseline to a peak of 0.1144 on 2025-12-11 before receding to the current value of 0.0491, demonstrating a clear post-disclosure increase in exploitation interest.

EU & UK References

Vulnerability details

Out-of-bounds write in libimagecodec.quram.so prior to SMR Sep-2025 Release 1 allows remote attackers to execute arbitrary code.

CWE(s)
KEV Date Added
02 October 2025

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1203 Exploitation for Client Execution Execution
Adversaries may exploit software vulnerabilities in client applications to execute code.
T1204.002 Malicious File Execution
An adversary may rely upon a user opening a malicious file in order to gain execution.
Why these techniques?

Out-of-bounds write in image codec library enables arbitrary code execution via malicious image file opened by user (client-side exploitation).

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2025-21042Same product: Samsung Androidboth on KEV
CVE-2025-20881Same product: Samsung Android
CVE-2025-20882Same product: Samsung Android
CVE-2025-20888Same product: Samsung Android
CVE-2025-20890Same product: Samsung Android
CVE-2026-20983Same product: Samsung Android
CVE-2025-20903Same product: Samsung Android
CVE-2026-21020Same product: Samsung Android
CVE-2026-20979Same product: Samsung Android
CVE-2026-20973Same product: Samsung Android

Affected Assets

samsung
android
13.0, 14.0, 15.0, 16.0

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

preventrecover

Directly mandates identification, reporting, and correction of flaws like the out-of-bounds write in libimagecodec.quram.so through timely patching as specified in Samsung's SMR Sep-2025 Release 1 and CISA KEV catalog.

prevent

Implements memory protection safeguards such as address space layout randomization and non-executable memory to mitigate arbitrary code execution from out-of-bounds writes in the image codec library.

prevent

Requires validation of image file inputs to block malformed data that could trigger the out-of-bounds write vulnerability during processing by libimagecodec.quram.so.

References