A critical zero-day vulnerability, tracked as CVE-2025-21042, has been identified in the libimagecodec.quram.so library of Samsung mobile devices. This out-of-bounds write vulnerability poses significant risks as it allows remote attackers to execute arbitrary code without user interaction. CISA noted that threat actors are exploiting this flaw in real-world scenarios, making it a pressing concern for both individual users and organizations.
The vulnerability is categorized under CWE-787, which highlights the potential for memory corruption and unauthorized code execution. CISA added this issue to its Known Exploited Vulnerabilities catalog on November 10, 2025, following confirmation of ongoing exploitation attempts. Users are advised to check for security updates immediately, while federal agencies are required to implement patches or mitigations by December 1, 2025. Given the potential for extensive control over affected devices, prudence is necessary in monitoring device activity and ensuring secure app downloads.
👉 Pročitaj original: Cyber Security News
