CVE-2025-21042

HIGH KEV

Samsung Android - Remote Code Execution via Out-of-bounds Write in libimagecodec.quram.so

Title source: llm

Exploitation Summary

CVE-2025-21042 is actively exploited and listed in the CISA Known Exploited Vulnerabilities (KEV) catalog, added November 10, 2025. EIP tracks 1 public exploit from researchers including patricnilackshan.

AI-analyzed exploit summary: The repository provides a detailed writeup on CVE-2025-21042, a critical out-of-bounds write vulnerability in Samsung's libimagecodec.quram.so library, allowing remote code execution via malicious image files. It includes severity metrics, exploitation details, and mitigation advice.

Description

Out-of-bounds write in libimagecodec.quram.so prior to SMR Apr-2025 Release 1 allows remote attackers to execute arbitrary code.

Exploits (1)

nomisec WRITEUP
by patricnilackshan · poc
https://github.com/patricnilackshan/Samsung-CVE-2025-21042


Classification: Writeup 90%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: Samsung libimagecodec.quram.so (before SMR Apr-2025 Release 1)
No auth needed
Prerequisites: Target device running vulnerable firmware · Delivery mechanism for malicious image file
devstral-2 · analyzed Feb 16, 2026

Scores

CVSS v3 8.8
EPSS 0.0441
EPSS Percentile 89.3%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation active
Automatable no
Technical Impact total

Details

CISA KEV 2025-11-10
VulnCheck KEV 2025-11-07
ENISA EUVD EUVD-2025-29029
CWE CWE-787
Status published
Products (2)
samsung/android 13.0 (42 CPE variants)
samsung/android 14.0 (8 CPE variants)
Published Sep 12, 2025
KEV Added Nov 10, 2025
Tracked Since Feb 18, 2026