Samsung’s September Update Patches Critical Zero-Day Vulnerability

Samsung has already started rolling out the September 2025 security update to a bunch of devices. It fixes a critical vulnerability that has already been exploited in the wild. The vulnerability allows attackers to execute code remotely, meaning that a device could be compromised if a user opens a specially crafted image. Samsung has confirmed that a working exploit for the issue has been seen in real attacks.
September 2025 security update fixes critical image-processing bug
The flaw (CVE-2025-21043) affects Samsung devices running Android 13, 14, 15, and 16. It exists in a library called libimagecodec.quram.so, which is used to process images, reports Bleeping Computer.
The vulnerability was reported to Samsung by the security teams at Meta and WhatsApp in August 2025. While the company has not provided details about the attacks, it is likely that messaging apps using the affected image-processing library, such as WhatsApp, could be targeted.
In addition to this critical flaw, the September security update also addresses other high- and moderate-severity issues. These include an out-of-bounds write in libsavsvc.so that could allow local code execution, and several flaws in system apps such as One UI Home, ContactProvider, and ImsService, which could let attackers bypass security features or access sensitive information.
Samsung strongly recommends that all users install the September security patch immediately. To do this, open Settings > Software update > Download and install. Until the patch is applied, users should be careful with files or images from untrusted sources, as these could be used to exploit the vulnerability. So far, only select Galaxy devices have received the update; others will receive it in the coming weeks.










