CVE-2025-21042: 
NixOS vulnerability analysis and mitigation

Out-of-bounds write in libimagecodec.quram.so prior to SMR Apr-2025 Release 1 allows remote attackers to execute arbitrary code. The vulnerability, identified as CVE-2025-21042, was discovered and disclosed in September 2025, affecting Samsung Android devices running versions 13, 14, 15, and 16 (NVD, Samsung Mobile).

The vulnerability is classified as Critical with a CVSS v3.1 Base Score of 9.8 (CRITICAL) according to NVD's assessment, with a vector string of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H. The vulnerability is identified as an out-of-bounds write issue in the libimagecodec.quram.so library, which could lead to arbitrary code execution (NVD).

The vulnerability allows remote attackers to execute arbitrary code on affected devices. Given its critical severity rating and the potential for remote code execution without user interaction, this vulnerability poses a significant security risk to affected Samsung devices (NVD).

Samsung has released a patch in the SMR Apr-2025 Release 1 security update that fixes the incorrect implementation in the libimagecodec.quram.so library. Users are strongly advised to update their devices to this version or later to protect against this vulnerability (Samsung Mobile).