
Cloud Vulnerability DB
A community-led vulnerabilities database
CVE-2025-21043 is a critical vulnerability discovered in Samsung's libimagecodec.quram.so library affecting Android versions 13, 14, 15, and 16. The vulnerability was reported by Meta and WhatsApp Security Teams on August 13, 2025, and was patched in Samsung's September 2025 Security Maintenance Release (SMR). This out-of-bounds write vulnerability allows remote attackers to execute arbitrary code on affected devices (Samsung Mobile, Hacker News).
The vulnerability is an out-of-bounds write issue in libimagecodec.quram.so, a closed-source image parsing library developed by Quramsoft that implements support for various image formats. Samsung Mobile scored the flaw 8.8 (High) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H, while the NVD assigned it 9.8 (Critical) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H; the two vectors differ only in the User Interaction metric, UI:R versus UI:N (NVD).
The vulnerability allows remote attackers to execute arbitrary code on affected devices. This type of vulnerability can potentially lead to complete system compromise, allowing attackers to gain control over affected devices and access sensitive information (Security Affairs, SecurityWeek).
Samsung addressed the vulnerability in its September 2025 Security Maintenance Release (SMR). The patch fixed the incorrect implementation in the libimagecodec.quram.so library. Users are strongly advised to update their devices to the latest security patch level to protect against this vulnerability (Samsung Mobile).
The vulnerability gained significant attention due to its active exploitation in the wild. WhatsApp and Meta's security teams were credited with discovering and reporting the vulnerability to Samsung. Security researchers, including Amnesty International's Security Lab, investigated the attacks and found that both iPhone and Android users were targeted, suggesting the involvement of sophisticated threat actors, possibly including state-sponsored groups (The Register).
Source: This report was generated using AI