CVE ID

CVE-2025-21042

Vulnerability Name

Samsung Mobile Devices Out-of-Bounds Write Vulnerability

• Project: Samsung
• Product: Mobile Devices

Date

• Date Added: 2025-11-10
• Due Date: 2025-12-01

Description

Samsung mobile devices contain an out-of-bounds write vulnerability in libimagecodec.quram.so. This vulnerability could allow remote attackers to execute arbitrary code.

Known To Be Used in Ransomware Campaigns?

Unknown

Action

Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Additional Notes

https://security.samsungmobile.com/securityUpdate.smsb?year=2025&month=04 ; https://nvd.nist.gov/vuln/detail/CVE-2025-21042

Related Security News

• CISA: Patch Samsung flaw exploited to deliver spyware (CVE-2025-21042)
• CISA orders feds to patch Samsung zero-day used in spyware attacks

More CVEs Info

Common Vulnerabilities & Exposures (CVE) List