CVE-2025-21042

Published Sep 12, 2025

Last updated 2 months ago

CVSS high 8.8
libimagecodec
Samsung

Overview

AI description

Automated description summarized from trusted sources.

CVE-2025-21042 is an out-of-bounds write vulnerability found in Samsung's libimagecodec.quram.so library. This library is responsible for handling image parsing and decoding on Samsung Galaxy devices. The vulnerability is triggered when processing a specially crafted image file, leading to a write operation outside the allocated memory boundaries. Successful exploitation of this vulnerability allows remote attackers to execute arbitrary code on affected devices. This can be achieved through various channels such as email attachments, messaging apps, or web browsing, where the device processes an attacker-supplied image. A patch has been released in the SMR Apr-2025 Release 1 security update to address this vulnerability.

Description
Out-of-bounds write in libimagecodec.quram.so prior to SMR Apr-2025 Release 1 allows remote attackers to execute arbitrary code.
Source
mobile.security@samsung.com
NVD status
Analyzed
Products
android

Risk scores

CVSS 3.1

Type
Primary
Base score
9.8
Impact score
5.9
Exploitability score
3.9
Vector string
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Severity
CRITICAL

Weaknesses

nvd@nist.gov
CWE-787

Social media

Hype score is a measure of social media activity compared against trending CVEs from the past 12 months. Max score 100.

Hype score

50

  1. Actively exploited CVE : CVE-2025-21042

    @transilienceai

    9 Nov 2025

    0 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  2. 🚨 LANDFALL [Critical] Nov 09, 2025 LANDFALL is a commercial-grade Android spyware targeting Samsung Galaxy devices, used in targeted intrusion activities within the Middle East. This spyware is delivered through malformed DNG image files exploiting CVE-2025-21042, a critical..

    @transilienceai

    9 Nov 2025

    10 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  3. 🚨 Landfall Android spyware exploited zero-day CVE-2025-21042 to infect Samsung phones via specially crafted images in the Middle East — avoid opening unexpected media and update devices. More: https://t.co/YQnpr5B3ui Follow me for support

    @kernelpanicsec

    8 Nov 2025

    0 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  4. 1️⃣ 📱 ZERO-CLICK Landfall Spyware on Samsung/WhatsApp The Bite: Landfall, a commercial spyware, exploited a zero-day (CVE-2025-21042) in Samsung's image processing, potentially delivered via WhatsApp with zero clicks! It's full surveillance on Galaxy devices. https://t.co

    @CyberWolfGuard

    8 Nov 2025

    38 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  5. حمله جدید با نام LANDFALL گوشی‌های Samsung Galaxy رو هدف گرفته. مهاجما از یه 0-day exploit در کتابخانه https://t.co/zX7W9Tzj31 استفاده کردن که با یه تصویر DNG آلوده توی WhatsApp، گوشی رو بد

    @LastStandNews24

    8 Nov 2025

    813 Impressions

    0 Retweets

    10 Likes

    8 Bookmarks

    0 Replies

    1 Quote

  6. CVE-2025-21042 : Samsung Zero-Click Flaw Exploited to Deploy LANDFALL Android Spyware via WhatsApp A single image file could hijack Galaxy phones. Attackers hid a ZIP inside DNG photos sent over WhatsApp, exploiting a zero-day in Samsung’s image codec. https://t.co/kFpZRcxle

    @freedomhack101

    8 Nov 2025

    72 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    1 Reply

    0 Quotes

  7. A single image file could hijack Galaxy phones! Attackers embedded a ZIP inside DNG photos sent via WhatsApp — exploiting a zero-day (CVE-2025-21042) in Samsung’s image codec. The implant, LANDFALL, granted full spyware access — no clicks needed. Targets had their data, mic

    @Ind_Cyber_News

    8 Nov 2025

    45 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  8. CVE-2025-21042: Samsung Zero-Day Exploited to Deploy LANDFALL Spyware #Samsung #CVE202521042 #LANDFALL #AndroidSecurity #ZeroDay #GalaxyS22 #GalaxyS23 #CyberAttack #Spyware #MobileSecurity https://t.co/mOGc2wh5nc

    @cyashadotcom

    8 Nov 2025

    42 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  9. 🚨 CVE-2025-21042 Samsung - LANDFALL Spyware Zero-Click Attacks Unit 42 caught LANDFALL spyware exploiting Samsung Galaxy devices via weaponized DNG images sent through WhatsApp. What's brutal: zero-click exploitation—victims got compromised just by receiving the image, n

    @the_c_protocol

    8 Nov 2025

    0 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  10. LANDFALL: New Commercial-Grade #Android #Spyware in Exploit Chain Targeting Samsung Devices CVE-2025-21042/CVE-2025-21043 https://t.co/jXitm7NazL https://t.co/xacRN6c7yq

    @blackorbird

    8 Nov 2025

    3460 Impressions

    11 Retweets

    46 Likes

    18 Bookmarks

    1 Reply

    0 Quotes

  11. ⚡️A single image file could hijack Galaxy phones. Attackers hid a ZIP inside DNG photos sent over WhatsApp, exploiting a zero-day in Samsung’s image codec (CVE-2025-21042). The implant — called LANDFALL — gave full spyware access.

    @AnonOzzyDude

    8 Nov 2025

    245 Impressions

    2 Retweets

    7 Likes

    1 Bookmark

    1 Reply

    0 Quotes

  12. Unit 42 uncovered LANDFALL: commercial Android spyware delivered via malformed DNG exploiting CVE-2025-21042 on Samsung Galaxy; used mid‑2024 to Apr 2025 for mic, location, photos, contacts collection. #LANDFALL #CVE-2025-21042 #Android https://t.co/W8SMYrSNxA

    @hasamba

    8 Nov 2025

    48 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  13. 🚨 New spyware alert: “Landfall” exploited a @SamsungMobile zero-day (CVE-2025-21042) to infect Galaxy devices via DNG image files sent through @WhatsApp . 🎯 Targets: Users in the Middle East & North Africa 📱 Impact: Microphone access, GPS tracking, data theft @Pa

    @TechNadu

    8 Nov 2025

    82 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  14. ثغرة Zero-Click في أجهزة Galaxy من @SamsungMobile جرى استغلالها لتثبيت برمجية التجسس LANDFALL عبر صور مرسلة على @WhatsApp كشف عنها باحثو @PaloAltoNtwks. الثغرة المسجلة بالرمز CVE-2025-21042

    @cyberscastx

    8 Nov 2025

    557 Impressions

    0 Retweets

    3 Likes

    0 Bookmarks

    2 Replies

    0 Quotes

  15. 🚨 LANDFALL Android Spyware Threat Report [Critical] Nov 08, 2025 Analysis of the LANDFALL Android spyware, which targeted Samsung Galaxy devices via a zero-day vulnerability (CVE-2025-21042). The spyware, potentially linked to private-sector offensive actors (PSOAs) in the...

    @transilienceai

    8 Nov 2025

    32 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  16. 🚨 Samsung Zero-Click Flaw Exploited for LANDFALL Android Spyware via WhatsApp Patched CVE-2025-21042 flaw used for targeted Middle East attacks. https://t.co/P18OzkbpDB

    @not2cleverdotme

    8 Nov 2025

    28 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  17. A new report reveals that LANDFALL, a commercial-grade spyware, exploits CVE-2025-21042 in Samsung Android's image processing library, hiding in malicious DNG files. #CyberSecurity #AndroidSpyware https://t.co/FfUENgFTz8

    @Cyber_O51NT

    8 Nov 2025

    123 Impressions

    1 Retweet

    3 Likes

    1 Bookmark

    0 Replies

    0 Quotes

  18. ⚠️ ¡Alerta Samsung/WhatsApp! Se detectó el spyware LandFall, que explotó un zero-day crítico de Samsung (CVE-2025-21042) a través de imágenes maliciosas enviadas por WhatsApp. Asegúrate de tener tu Galaxy actualizado. La vulnerabilidad ya fue parcheada. https://t.co/A

    @3ncr1pt4d0

    8 Nov 2025

    43 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  19. A single image file could hijack Galaxy phones. Attackers hid a ZIP inside DNG photos sent over WhatsApp, exploiting a zero-day in Samsung’s image codec (CVE-2025-21042). The implant — called LANDFALL — gave full spyware access. Full report → https://t.co/RluuquK11x

    @TheHackersNews

    7 Nov 2025

    35006 Impressions

    134 Retweets

    327 Likes

    124 Bookmarks

    8 Replies

    8 Quotes

  20. Unit 42 uncovered LANDFALL, previously unknown Android spyware that exploited a zero-day vulnerability CVE-2025-21042 in Samsung Android’s image processing library. This is the first public analysis of the campaign and the implant. Read more: https://t.co/aXhxTlVdDn https://t.c

    @7thGensec

    7 Nov 2025

    37 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  21. Unit 42 uncovered LANDFALL, previously unknown Android spyware that exploited a zero-day vulnerability CVE-2025-21042 in Samsung Android’s image processing library https://t.co/rwZUDH52Sy https://t.co/aEpY4gfwHw

    @secharvesterx

    7 Nov 2025

    52 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  22. LANDFALL, a new commercial-grade Android spyware, targets Samsung Galaxy devices via a zero-day in Samsung’s image processing (CVE-2025-21042). Active mid-2024 to early 2025, linked to Middle East operations. #LANDFALL #SamsungSpyware #MiddleEast https://t.co/nTNIGZJr3p

    @TweetThreatNews

    7 Nov 2025

    11 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  23. Unit 42 uncovered LANDFALL, previously unknown Android spyware that exploited a zero-day vulnerability CVE-2025-21042 in Samsung Android’s image processing library. This is the first public analysis of the campaign and the implant. Read more: https://t.co/Tv6rnxRklp https://t.c

    @Unit42_Intel

    7 Nov 2025

    8041 Impressions

    35 Retweets

    82 Likes

    24 Bookmarks

    2 Replies

    2 Quotes

  24. LANDFALL: New Android commercial-grade spyware targeted Samsung Galaxy devices via a #WhatsApp zero-click exploit in image parsing (CVE-2025-21042) https://t.co/uHfDi0Jhlb https://t.co/Ojt7soLQGA

    @androidmalware2

    7 Nov 2025

    9482 Impressions

    48 Retweets

    203 Likes

    94 Bookmarks

    2 Replies

    0 Quotes

  25. ⚠️📱 “Landfall” spyware hits Samsung Galaxy! • Zero-day exploit (CVE-2025-21042) needs no clicks 😱 • Hidden in image files hijacks mic, cam & data 🎯 • Active since 2024, patch out now update ASAP ⚡ Why it matters: Your phone could spy on you without

    @TechAI_Daily

    7 Nov 2025

    106 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  26. 🚨BREAKING: We uncovered LANDFALL — a commercial-grade Android spyware exploiting a now-patched Samsung zero-day (CVE-2025-21042) through weaponized DNG images sent via WhatsApp, enabling zero-click compromise of Samsung Galaxy devices. 1/ https://t.co/hfTFP1MMX2

    @megabeets_

    7 Nov 2025

    8113 Impressions

    44 Retweets

    104 Likes

    22 Bookmarks

    1 Reply

    2 Quotes

  27. [CVE-2025-21042: HIGH] Out-of-bounds write in https://t.co/r1aosWrSuQ prior to SMR Apr-2025 Release 1 allows remote attackers to execute arbitrary code.#cve,CVE-2025-21042,#cybersecurity https://t.co/GmcgteYBtA https://t.co/sCD0Sg44vh

    @CveFindCom

    12 Sept 2025

    24 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

Configurations

References

Sources include official advisories and independent security research.