CVE-2025-21043
Published: 12 September 2025
Summary
CVE-2025-21043 is a high-severity Out-of-bounds Write (CWE-787) vulnerability in Samsung Android. Its CVSS base score is 8.8 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Client Execution (T1203); ranked in the top 10.3% of CVEs by exploit likelihood; CISA has added it to the Known Exploited Vulnerabilities catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-16 (Memory Protection) and SI-2 (Flaw Remediation).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Directly mandates identification, reporting, and correction of flaws like the out-of-bounds write in libimagecodec.quram.so through timely patching as specified in Samsung's SMR Sep-2025 Release 1 and CISA KEV catalog.
Implements memory protection safeguards such as address space layout randomization and non-executable memory to mitigate arbitrary code execution from out-of-bounds writes in the image codec library.
Requires validation of image file inputs to block malformed data that could trigger the out-of-bounds write vulnerability during processing by libimagecodec.quram.so.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Out-of-bounds write in image codec library enables arbitrary code execution via malicious image file opened by user (client-side exploitation).
NVD Description
Out-of-bounds write in libimagecodec.quram.so prior to SMR Sep-2025 Release 1 allows remote attackers to execute arbitrary code.
Deeper analysisAI
CVE-2025-21043 is an out-of-bounds write vulnerability (CWE-787) in the libimagecodec.quram.so library on Samsung devices, affecting versions prior to SMR Sep-2025 Release 1. Published on September 12, 2025, this flaw enables remote attackers to execute arbitrary code and carries a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H), reflecting high severity due to its potential for complete system compromise.
The vulnerability can be exploited by remote attackers requiring no privileges, over the network with low attack complexity, but user interaction is necessary, such as opening a malicious image file processed by the affected library. Successful exploitation grants high-impact confidentiality, integrity, and availability effects, culminating in arbitrary code execution on the device.
Samsung's September 2025 security bulletin details patches in SMR Sep-2025 Release 1 and recommends applying updates immediately. The vulnerability is also listed in CISA's Known Exploited Vulnerabilities Catalog, directing federal civilian executive branch agencies to mitigate it by the specified deadline.
Given its inclusion in CISA's KEV catalog, CVE-2025-21043 has observed real-world exploitation.
Details
- CWE(s)
- KEV Date Added
- 02 October 2025