Samsung has rolled out the September security updates for its Android devices, addressing a critical zero-day vulnerability that had been actively exploited by attackers. The vulnerability, tracked as CVE-2025-21043 and rated 8.8 on the CVSS scale, is a buffer overflow in the libimagecodec.quram.so library that allows remote execution of arbitrary code on affected devices.
The flaw lies in image-decoding code developed by QURAM SOFT to support various graphics formats: malformed input caused data to be written outside the allocated memory region (an out-of-bounds write), which attackers could turn into code execution. The vulnerability affects Android versions 13, 14, 15, and 16, and was reported to Samsung in a private disclosure on August 13, 2025. The SMR September-2025 Release 1 update includes a fix for this critical issue.
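The practical question for anyone running a Samsung fleet is whether a given device has picked up the September release. The following script is an added example, not code from the article, Samsung, or QURAM SOFT. It reads the standard Android property ro.build.version.security_patch (YYYY-MM-DD form) and compares it against a baseline date; the baseline 2025-09-01 is an assumption that the SMR September-2025 Release 1 build reports that patch level, and the sample patch levels in the loop are constructed, not real device data. The adb query is optional and is skipped when no tool or device is present.

```shell
#!/bin/sh
# Added example: check an Android security patch level against the September 2025 baseline.
# Assumption: the fixed build reports ro.build.version.security_patch >= 2025-09-01.

FIX_PATCH_LEVEL="2025-09-01"   # assumed patch level carrying the CVE-2025-21043 fix

# date_to_int 2025-09-01 -> 20250901, using only parameter expansion (no external tools).
date_to_int() {
  ymd="$1"
  y="${ymd%%-*}"; md="${ymd#*-}"; m="${md%%-*}"; d="${md#*-}"
  printf '%s\n' "$y$m$d"
}

# patch_level_is_fixed <YYYY-MM-DD>
# Exit 0 if the level is at or after the baseline, 1 if older, 2 if the string is malformed.
patch_level_is_fixed() {
  case "$1" in
    [0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9]) ;;
    *) echo "unrecognised patch level: '$1'" >&2; return 2 ;;
  esac
  have=$(date_to_int "$1")
  want=$(date_to_int "$FIX_PATCH_LEVEL")
  [ "$have" -ge "$want" ]
}

# classify_patch_level <string> -> prints patched | unpatched | unknown, always exits 0,
# so it is safe to call from loops and reports running under 'set -e'.
classify_patch_level() {
  case "$1" in
    [0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9]) ;;
    *) echo unknown; return 0 ;;
  esac
  if patch_level_is_fixed "$1"; then echo patched; else echo unpatched; fi
}

# Read the patch level from a connected device over adb; fails quietly if adb is absent.
device_patch_level() {
  command -v adb >/dev/null 2>&1 || return 1
  adb shell getprop ro.build.version.security_patch 2>/dev/null | tr -d '\r\n'
}

# Constructed sample report (not real devices) so the script runs offline.
for lvl in 2025-09-01 2025-08-01 2025-10-01 not-a-date; do
  printf '%-12s %s\n' "$lvl" "$(classify_patch_level "$lvl")"
done

# If a device is reachable, classify it as well; otherwise skip without error.
if live=$(device_patch_level) && [ -n "$live" ]; then
  printf 'connected device: %-12s %s\n' "$live" "$(classify_patch_level "$live")"
fi
```

The comparison works because a zero-padded YYYYMMDD string orders the same as the date, so no date library is needed. Note that the patch-level property only shows which monthly security patch level a build claims; it does not prove the libimagecodec.quram.so binary itself was updated, so treat "patched" as a fleet-triage signal rather than as proof on its own.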
Although Samsung confirmed the active exploitation of the vulnerability in real-world attacks, specific details about the nature of the attacks or the perpetrators were not disclosed. This cautious approach is common in situations where investigations are ongoing or revealing technical specifics could trigger further attacks.
The prompt patch release by Samsung followed Google’s announcement of closing two other exploited vulnerabilities in Android – CVE-2025-38352 and CVE-2025-48543. These vulnerabilities were also leveraged in targeted attacks aimed at gaining control over affected devices.
September has seen heightened activity in the Android security landscape, with multiple serious issues being actively exploited. Manufacturers have been swift to release updates to safeguard users against potential threats.