HIGH🚩 CISA KEV⚡ EXPLOIT✓ PATCH🇵🇱 Wersja polska

CVE-2025-21043

CVSS 8.8v3.1pub. 2025-09-12upd. 2025-10-30

Out-of-bounds write in libimagecodec.quram.so prior to SMR Sep-2025 Release 1 allows remote attackers to execute arbitrary code.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
  • Samsung Android

    OS
    Samsung
    13.014.015.016.0

CISA KEV — detailsi

Vendori
Samsung
Producti
Mobile Devices
Added to KEVi
October 2, 2025
Remediation deadline (US Federal)i
October 23, 2025(overdue)
Required action (CISA)i

Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

CISA descriptioni

Samsung mobile devices contain an out-of-bounds write vulnerability in libimagecodec.quram.so which allows remote attackers to execute arbitrary code.

🔴
IMMEDIATE ACTION
Actively exploited in the wild (CISA KEV). Patch immediately.
CISA DEADLINE: 23 października 2025
Tags
RCEMemory
CWE
References

Related vulnerabilities

CVE-2023-21456CRITICAL9.0ten sam produkt

Path traversal vulnerability in Galaxy Themes Service prior to SMR Mar-2023 Release 1 allows attacker to acces...

CVE-2025-21042HIGH8.8⚠ KEVten sam produkt

Out-of-bounds write in libimagecodec.quram.so prior to SMR Apr-2025 Release 1 allows remote attackers to execu...

CVE-2021-25487HIGH7.3⚠ KEVten sam produkt

Lack of boundary checking of a buffer in set_skb_priv() of modem interface driver prior to SMR Oct-2021 Releas...

CVE-2026-20990HIGH8.4ten sam produkt

Improper export of android application components in Secure Folder prior to SMR Mar-2026 Release 1 allows loca...

CVE-2026-20979HIGH8.4ten sam produkt

Improper privilege management in Settings prior to SMR Feb-2026 Release 1 allows local attackers to launch arb...