CVE-2025-21042
CVSS Score
8.8
EPSS Score
0.0%
EPSS Percentile
0th
Out-of-bounds write in libimagecodec.quram.so prior to SMR Apr-2025 Release 1 allows remote attackers to execute arbitrary code.
| Vendor | samsung mobile |
| Product | samsung mobile devices |
| Published | Sep 12, 2025 |
| Last Updated | Feb 26, 2026 |
โ ๏ธ Actively Exploited โ Act Now
Get instant alerts for samsung mobile samsung mobile devices
This vulnerability is actively exploited in the wild. Set up free real-time alerts so you're first to know about threats like CVE-2025-21042.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
CVSS v3 Breakdown
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
Affected Versions
Samsung Mobile / Samsung Mobile Devices
All versions affected References
security.samsungmobile.com: https://security.samsungmobile.com/securityUpdate.smsb?year=2025&month=04 cisa.gov: https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-21042 unit42.paloaltonetworks.com: https://unit42.paloaltonetworks.com/landfall-is-new-commercial-grade-android-spyware/