Share
## https://sploitus.com/exploit?id=21AA969A-F901-5E38-8E6C-383EA10D510E
# πŸ” **CVE-2025-21042 β€” Samsung Image Codec Remote Code Execution**

### βš™οΈ **What it is**

A **critical** vulnerability in Samsung’s image-processing library
**`libimagecodec.quram.so`** β€” used on Galaxy Android devices.
🧩 It’s an **out-of-bounds write** flaw triggered when parsing **malicious image files** (like DNG).
πŸ“Έ A crafted image can let attackers **run arbitrary code remotely** on the device.

> β€œOut-of-bounds write in libimagecodec.quram.so prior to SMR Apr-2025 Release 1 allows remote attackers to execute arbitrary code.”
> β€” *NVD Summary*

---

### 🚨 **Severity**



| Metric                  | Value                         |
| :---------------------- | :---------------------------- |
| **CVSS v3.1 Score**     | πŸ’£ **9.8 / 10 (CRITICAL)**    |
| **Attack Vector**       | 🌐 Network                    |
| **Privileges Required** | ❌ None                        |
| **User Interaction**    | βš™οΈ None (Zero-click possible) |

πŸ‘‰ Translation: an attacker could compromise your phone **just by sending you an image** β€” no taps needed.

---

### 🧨 **Exploitation in the Wild**



* πŸ•΅οΈβ€β™‚οΈ Exploited as part of **LANDFALL**, a **commercial-grade Android spyware** campaign.
* 🎯 Targets: Samsung Galaxy S22/S23/S24, Fold4, Flip4.
* 🌍 Regions hit: **Middle East (Iraq, Iran, Turkey, Morocco)**.
* 🧠 Delivered through messaging apps or other channels with malicious image attachments.

> Used by spyware operators to gain full control of affected devices β€” including camera, mic, and data exfiltration.

---

### 🧩 **Who’s Affected**

πŸ“± **Samsung Android devices** running firmware **before**
➑️ **SMR Apr-2025 Release 1**

If your device hasn’t received that patch β€” you’re still vulnerable.

---

### πŸ›‘οΈ **How to Stay Safe**



βœ… **Update now:**
Go to **Settings β†’ Software Update β†’ Download and Install**
Make sure your security patch level is **April 2025** or later.

🚫 **Avoid:**

* Opening image files from unknown senders πŸ“
* Downloading photos from suspicious links 🌐

🏒 **For enterprises:**

* Enforce mobile device management (MDM) compliance.
* Audit fleet patch levels for Samsung devices immediately.

---

### πŸ” **Extra Context**

* CVE-2025-21042 is part of a trend in **image-based zero-click exploits**.
* Similar bugs have been used in **Pegasus** and other mobile spyware.
* Shows how even β€œinnocent” file types like photos can be weaponized. πŸ’€

---

### πŸ“š **References**

* 🧾 [NVD Entry](https://nvd.nist.gov/vuln/detail/CVE-2025-21042)
* πŸ” [ZeroPath Analysis](https://zeropath.com/blog/cve-2025-21042-samsung-libimagecodec-quram-so-summary)
* πŸ•΅οΈβ€β™€οΈ [Palo Alto Unit 42 Report](https://unit42.paloaltonetworks.com/landfall-is-new-commercial-grade-android-spyware/)
* πŸ“° [The Hacker News Coverage](https://thehackernews.com/2025/11/samsung-zero-click-flaw-exploited-to.html)

---