In a disclosure that has drawn wide attention in cybersecurity circles, Samsung has rushed out a fix for a critical zero-day flaw that has already been actively exploited in significant attacks against Galaxy devices. The flaw was found by the WhatsApp and Meta security teams, who found traces of real-world exploitation of the vulnerability before any defensive controls could be put in place.
How WhatsApp learned about this critical Samsung zero-day flaw
Samsung has fixed a remote code execution vulnerability that was used in zero-day attacks on its Android-based devices. The critical vulnerability, tracked as CVE-2025-21043, affects Samsung devices running Android 13 or later and was reported by the security teams of both Meta and WhatsApp on August 13. It resides in libimagecodec.quram.so, a closed-source image parsing library developed by Quramsoft that supports multiple image formats.
Samsung describes the issue as an out-of-bounds write in libimagecodec.quram.so, in versions prior to SMR Sep-2025 Release 1, that allows remote attackers to execute arbitrary code. Samsung was informed that an exploit for this issue has existed in the wild. Although Samsung did not say whether the attacks targeted WhatsApp users running Samsung's Android software, other instant messengers that rely on the vulnerable image parsing library might also be targeted with CVE-2025-21043 exploits.
The reason this is a sophisticated threat is that it is a zero-day attack.
A Meta spokesperson told BleepingComputer that, as part of its active investigation into a highly specialized attack over the summer (covered in its security advisory for iOS/macOS WhatsApp users), the company had shared its findings with industry partners, including Apple and Samsung. The discovery came out of wider research by WhatsApp into advanced spyware campaigns against messaging services. Apple separately addressed the high-severity vulnerability CVE-2025-43300 last month, and Samsung released a patch for SVE-2025-1702 and published its security advisory this week.
What makes this vulnerability so dangerous to users
On 24 August, WhatsApp also fixed a zero-click vulnerability (CVE-2025-55177) in its iOS and macOS messaging clients, which had been chained with an Apple zero-day flaw (CVE-2025-43300) in extremely sophisticated targeted zero-day attacks. At the time, WhatsApp also urged potentially affected users to update their devices and software to the latest version and to perform a factory reset.
Spokespersons for Samsung and Meta were not immediately available when contacted by BleepingComputer earlier in the day. At the start of this month, attackers had also begun deploying malware by exploiting an unauthenticated remote code execution (RCE) vulnerability (CVE-2024-7399) on unpatched installations of Samsung MagicINFO 9 Server, a centralized content management system (CMS) used by airports, retail chains, hospitals, enterprises, and restaurants.
Why users urgently need to update their devices
This zero-day vulnerability underscores how important it is to keep security patches up to date on Android devices. The fact that the vulnerability was actively exploited before Samsung released a patch shows how quickly cybercriminals can weaponize security vulnerabilities once they are identified. Owners of Samsung Galaxy smartphones running Android 13 or later should immediately install the September 2025 security update to protect against potential exploitation.
The way WhatsApp, Meta, Apple, and Samsung worked together on these interrelated vulnerabilities demonstrates the importance of cross-industry cooperation in countering complex cyber threats. The incident is a stark dose of reality: even the most prevalent and commonly used devices may be concealing deep-rooted security flaws that criminal organizations actively pursue.
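One way to check a device or an inventory record against the fix described above, as an added example that does not come from Samsung, Meta or the original article. It assumes that a build carrying SMR Sep-2025 Release 1 reports a security patch level of 2025-09-01 or later; `classify_device` and `check_adb_device` are names made up for this example.

```shell
#!/bin/sh
# Added example: triage a device against the September 2025 fix.
# Assumption: a build with SMR Sep-2025 Release 1 reports a security
# patch level of 2025-09-01 or later.
FIXED_PATCH_LEVEL="2025-09-01"

# classify_device MANUFACTURER ANDROID_RELEASE SECURITY_PATCH
# Prints NOT_AFFECTED, PATCHED, VULNERABLE or UNKNOWN.
classify_device() {
    maker=$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')
    major=${2%%.*}            # "13" from "13", "8" from "8.1.0"
    patch=$3

    # The article names Samsung devices on Android 13 or later.
    [ "$maker" = "samsung" ] || { echo NOT_AFFECTED; return; }
    case $major in
        ''|*[!0-9]*) echo UNKNOWN; return ;;   # empty or a codename
    esac
    [ "$major" -ge 13 ] || { echo NOT_AFFECTED; return; }

    # The patch level must look like YYYY-MM-DD before it is compared.
    case $patch in
        [0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9]) ;;
        *) echo UNKNOWN; return ;;
    esac

    # With the dashes removed, the dates compare correctly as integers.
    have=$(printf '%s' "$patch" | tr -d '-')
    need=$(printf '%s' "$FIXED_PATCH_LEVEL" | tr -d '-')
    if [ "$have" -ge "$need" ]; then echo PATCHED; else echo VULNERABLE; fi
}

# check_adb_device SERIAL
# Reads the three properties from a device attached over adb.
check_adb_device() {
    classify_device \
        "$(adb -s "$1" shell getprop ro.product.manufacturer | tr -d '\r')" \
        "$(adb -s "$1" shell getprop ro.build.version.release | tr -d '\r')" \
        "$(adb -s "$1" shell getprop ro.build.version.security_patch | tr -d '\r')"
}
```

An UNKNOWN result means a property was missing or malformed and the device should be checked by hand instead of being counted as patched.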