Samsung has patched a zero-day RCE vulnerability that was already being exploited in attacks against devices running Android.
The issue has been assigned the identifier CVE-2025-21043 (CVSS score 8.8) and affects Samsung devices running Android 13 and later. Information about the problem was first disclosed on August 13, 2025, by the security teams at Meta (designated an extremist organization and banned in the Russian Federation) and WhatsApp.
According to Samsung, the vulnerability was discovered in the libimagecodec.quram.so library (a proprietary image-processing library developed by Quramsoft that provides support for various formats). The issue was an out-of-bounds write, which allowed attackers to remotely execute arbitrary code on vulnerable devices.
Additionally, Samsung’s bulletin emphasizes that the company is aware of an exploit for this bug, and that the vulnerability has already been used in real-world attacks.
Company representatives have not specified whether these attacks were aimed only at users of Samsung devices with WhatsApp installed. It is known that other messaging apps that use the vulnerable library can be attacked via CVE-2025-21043 as well.
“As part of a proactive investigation into targeted exploitation in the summer of 2025 (which resulted in us issuing recommendations for WhatsApp users on iOS and macOS), we shared our findings with industry peers, including Apple and Samsung,” a Meta representative (an organization designated as extremist and banned in the Russian Federation) told Bleeping Computer. “Apple addressed a related vulnerability last month (CVE-2025-43300), and Samsung also released a patch for SVE-2025-1702 and published its security bulletin.”
It is also worth noting that at the end of August, the WhatsApp developers fixed another zero-click vulnerability (CVE-2025-55177) in the iOS and macOS clients. It was reported that this issue was used together with the aforementioned CVE-2025-43300 vulnerability as part of “sophisticated attacks targeting specific users.”
At the time, in a notification sent to affected users, the developers recommended performing a full reset of the device to factory settings, and then keeping the OS and the WhatsApp app up to date for optimal protection.