If your daily driver is a Samsung Galaxy handset, you need to heed the manufacturer's warning. There are active attacks against phones like the Galaxy S25 and Galaxy S25 Edge; as a result, the manufacturer has updated its September security patch to fix a specific vulnerability that is a huge security issue. The flaw impacts Samsung Galaxy phones running Android 13 and newer and is tracked as CVE-2025-21043.
Samsung says that the flaw has been exploited in the wild
The flaw has a severity rating of critical and was reported by messaging app WhatsApp. It is unknown whether the security issue is limited to WhatsApp or affects other messaging platforms. With WhatsApp's 3 billion monthly active users, this vulnerability has a large pool of potential victims. CVE-2025-21043 is found in a closed-source image parsing library from a company named Quramsoft. The flaw is a type of vulnerability known as an out-of-bounds write.
A remote attacker can send an image file, created specifically to cause a problem, to a vulnerable device. When the device attempts to process the image, data is written into a memory space where it doesn't belong. This overflow data can contain malicious code, and if it is written into a specific memory location, the attacker can trick the system into executing that code, allowing the attacker to take control of the device. This would result in the attacker having access to the victim's phone.
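The out-of-bounds write described above, shown in a constructed toy image format next to its bounds-checked form. This is an added example, not code from Samsung or Quramsoft (whose library is closed source); the format, function names and buffer size are assumptions made for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

/* Constructed toy format (an assumption, not Quramsoft's): 'T','I', width,
 * height, 16-bit little-endian payload length, then raw 8-bit pixels. */
#define HDR_LEN 6
#define MAX_PIXELS 64   /* capacity of the caller's pixel buffer */

static size_t declared_len(const uint8_t *f) {
    return (size_t)f[4] | ((size_t)f[5] << 8);
}

/* Unsafe pattern: the copy is sized from a length field the sender controls.
 * If that field exceeds MAX_PIXELS, memcpy writes past the end of out. */
int decode_unchecked(const uint8_t *f, size_t flen, uint8_t out[MAX_PIXELS]) {
    if (flen < HDR_LEN || f[0] != 'T' || f[1] != 'I') return -1;
    memcpy(out, f + HDR_LEN, declared_len(f));   /* out-of-bounds write */
    return (int)declared_len(f);
}

/* Hardened form: every length is checked against the declared dimensions,
 * the destination capacity, and the input actually received. */
int decode_checked(const uint8_t *f, size_t flen, uint8_t out[MAX_PIXELS]) {
    if (flen < HDR_LEN || f[0] != 'T' || f[1] != 'I') return -1;
    size_t pixels = (size_t)f[2] * (size_t)f[3];
    size_t len = declared_len(f);
    if (pixels == 0 || pixels > MAX_PIXELS) return -1;  /* fits destination */
    if (len != pixels) return -1;                       /* header is consistent */
    if (len > flen - HDR_LEN) return -1;                /* no over-read of input */
    memcpy(out, f + HDR_LEN, len);
    return (int)len;
}

/* Constructed samples: a valid 2x2 image, and one whose length field
 * (0x0400) claims 1024 pixel bytes for a 2x2 image. */
static const uint8_t good_img[] = {'T','I',2,2,4,0, 10,20,30,40};
static const uint8_t bad_img[]  = {'T','I',2,2,0x00,0x04, 10,20,30,40};

int demo_good(void) { uint8_t px[MAX_PIXELS]; return decode_checked(good_img, sizeof good_img, px); }
int demo_bad(void)  { uint8_t px[MAX_PIXELS]; return decode_checked(bad_img, sizeof bad_img, px); }
```

The checked decoder rejects the malformed sample before any copy takes place, which is the property a patched parser needs: no length taken from the file is used until it has been validated.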
Because this is a zero-click attack, the victim does not have to do anything to set it off. That makes it more dangerous than your typical phishing scam since there is nothing that you can avoid pressing to prevent the attack from happening. These attacks take place in the background, making it hard for you to know that your phone is compromised. These attacks are considered to be rare because they are so hard to pull off.
Targets of these attacks are usually high-profile individuals
Such attacks are also sophisticated, which means they are attempted by well-funded nation-states engaged in some sort of espionage campaign against well-known individuals. Targets include journalists, politicians, diplomats and those working in government defense departments.
A similar zero-click vulnerability targeting iPhone models was patched by WhatsApp last month. WhatsApp said that it fixed an "incomplete authorization of linked device synchronization messages in WhatsApp." This "could have allowed an unrelated user to trigger processing of content from an arbitrary URL on a target’s device." Combined with another vulnerability WhatsApp handled last month, the pair of vulnerabilities was exploited against targeted users via a sophisticated attack.
The vulnerability listed in Samsung's monthly security report. | Image credit-Samsung
It's not that hard to protect yourself. Make sure that your Galaxy phone is running the latest version of Android and that all of your apps are also running their latest versions. This might be a little harder with a Galaxy phone than an iPhone or Pixel because Samsung's updates are rolled out by the model of the phone, the country where the phone is used, and the carrier the phone is connected with. In other words, updates to Galaxy phones are staggered. Nonetheless, as soon as your phone does receive Android and security updates, make sure you install the new files ASAP.
What if you're not well known?
Even though these are said to be targeted attacks, it doesn't mean that you shouldn't take precautions. Attackers' eyes get wide when they are going after a device that doesn't have the current OS version and a recent security patch installed. Don't make this easy for them, especially since it is so easy to make sure that your phone is running the most up-to-date versions of Android and security updates.
Alan, an ardent smartphone enthusiast and a veteran writer at PhoneArena since 2009, has witnessed and chronicled the transformative years of mobile technology. Owning iconic phones from the original iPhone to the iPhone 15 Pro Max, he has seen smartphones evolve into a global phenomenon. Beyond smartphones, Alan has covered the emergence of tablets, smartwatches, and smart speakers.