Share
## https://sploitus.com/exploit?id=21AA969A-F901-5E38-8E6C-383EA10D510E
# π **CVE-2025-21042 β Samsung Image Codec Remote Code Execution**
### βοΈ **What it is**
A **critical** vulnerability in Samsungβs image-processing library
**`libimagecodec.quram.so`** β used on Galaxy Android devices.
π§© Itβs an **out-of-bounds write** flaw triggered when parsing **malicious image files** (like DNG).
πΈ A crafted image can let attackers **run arbitrary code remotely** on the device.
> βOut-of-bounds write in libimagecodec.quram.so prior to SMR Apr-2025 Release 1 allows remote attackers to execute arbitrary code.β
> β *NVD Summary*
---
### π¨ **Severity**
| Metric | Value |
| :---------------------- | :---------------------------- |
| **CVSS v3.1 Score** | π£ **9.8 / 10 (CRITICAL)** |
| **Attack Vector** | π Network |
| **Privileges Required** | β None |
| **User Interaction** | βοΈ None (Zero-click possible) |
π Translation: an attacker could compromise your phone **just by sending you an image** β no taps needed.
---
### 𧨠**Exploitation in the Wild**
* π΅οΈββοΈ Exploited as part of **LANDFALL**, a **commercial-grade Android spyware** campaign.
* π― Targets: Samsung Galaxy S22/S23/S24, Fold4, Flip4.
* π Regions hit: **Middle East (Iraq, Iran, Turkey, Morocco)**.
* π§ Delivered through messaging apps or other channels with malicious image attachments.
> Used by spyware operators to gain full control of affected devices β including camera, mic, and data exfiltration.
---
### π§© **Whoβs Affected**
π± **Samsung Android devices** running firmware **before**
β‘οΈ **SMR Apr-2025 Release 1**
If your device hasnβt received that patch β youβre still vulnerable.
---
### π‘οΈ **How to Stay Safe**
β
**Update now:**
Go to **Settings β Software Update β Download and Install**
Make sure your security patch level is **April 2025** or later.
π« **Avoid:**
* Opening image files from unknown senders π
* Downloading photos from suspicious links π
π’ **For enterprises:**
* Enforce mobile device management (MDM) compliance.
* Audit fleet patch levels for Samsung devices immediately.
---
### π **Extra Context**
* CVE-2025-21042 is part of a trend in **image-based zero-click exploits**.
* Similar bugs have been used in **Pegasus** and other mobile spyware.
* Shows how even βinnocentβ file types like photos can be weaponized. π
---
### π **References**
* π§Ύ [NVD Entry](https://nvd.nist.gov/vuln/detail/CVE-2025-21042)
* π [ZeroPath Analysis](https://zeropath.com/blog/cve-2025-21042-samsung-libimagecodec-quram-so-summary)
* π΅οΈββοΈ [Palo Alto Unit 42 Report](https://unit42.paloaltonetworks.com/landfall-is-new-commercial-grade-android-spyware/)
* π° [The Hacker News Coverage](https://thehackernews.com/2025/11/samsung-zero-click-flaw-exploited-to.html)
---