CVE-2025-21043


Lookout Coverage and Recommendation for Admins
To ensure your devices are protected, Lookout admins must implement immediate patching and proactive threat defenses due to active exploitation:
- Endpoint Detection: Enable Lookout’s Out-of-date OS policy. Lookout detects devices running an out-of-date Android Security Patch Level (ASPL) and flags them as vulnerable.
- Patch Compliance: Enforce a minimum ASPL of September 1, 2025 or later on all Samsung devices to ensure the fix is applied.
- Threat Prevention: Enable Lookout Phishing & Content Protection (PCP) to protect mobile users from malicious phishing campaigns that deliver exploit URLs.
- Risk Management: Continuously monitor device status, as vulnerabilities like these can grant attackers broad access and lead to data leakage for enterprise organizations.
Overview
CVE-2025-21043 is a critical, actively exploited zero-day vulnerability in Samsung Android devices. This out-of-bounds write flaw affects a Samsung image codec and allows a remote attacker to achieve arbitrary code execution. The exploit is often delivered as a malicious image sent through messaging apps (e.g., MMS, RCS, or OTT messengers like WhatsApp) using social engineering, and can be triggered simply by automatic download, preview, or notification.
This affects Samsung mobile devices running Android 13, 14, 15, and 16 prior to the September 2025 Security Maintenance Release (SMR).
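The exposure criteria above (Samsung device, Android 13 to 16, ASPL before September 1, 2025) can be checked against `getprop` output collected from devices. The following is an added example, not Lookout's code; the `assess` function, its status labels and the sample dumps are constructed for illustration, and it assumes the standard Android properties `ro.product.manufacturer`, `ro.build.version.release` and `ro.build.version.security_patch`.

```python
import re
from datetime import date

# Thresholds taken from the advisory text above.
MIN_ASPL = date(2025, 9, 1)
AFFECTED_ANDROID = {13, 14, 15, 16}

# `getprop` prints one property per line as: [key]: [value]
PROP_RE = re.compile(r"^\[([^\]]+)\]: \[(.*)\]$")

def parse_getprop(dump: str) -> dict:
    """Turn a getprop dump into a {property: value} dict, skipping odd lines."""
    props = {}
    for line in dump.splitlines():
        m = PROP_RE.match(line.strip())
        if m:
            props[m.group(1)] = m.group(2)
    return props

def assess(dump: str) -> str:
    """Return 'vulnerable', 'patched', 'out_of_scope' or 'unknown'."""
    p = parse_getprop(dump)
    maker = p.get("ro.product.manufacturer")
    if maker is None:
        return "unknown"
    if maker.lower() != "samsung":
        return "out_of_scope"
    try:
        major = int(p["ro.build.version.release"].split(".")[0])
        in_range = major in AFFECTED_ANDROID
        aspl = date.fromisoformat(p["ro.build.version.security_patch"])
    except (KeyError, ValueError):
        return "unknown"  # missing or malformed field: review the device manually
    if not in_range:
        return "out_of_scope"  # outside the Android versions the advisory lists
    return "patched" if aspl >= MIN_ASPL else "vulnerable"

def dump(maker, release, patch):
    """Build a constructed getprop excerpt for the samples below."""
    return (f"[ro.product.manufacturer]: [{maker}]\n"
            f"[ro.build.version.release]: [{release}]\n"
            f"[ro.build.version.security_patch]: [{patch}]")

# Constructed sample data, not real devices.
SAMPLES = {"dev-a": dump("samsung", "15", "2025-08-01"),
           "dev-b": dump("samsung", "14", "2025-09-01"),
           "dev-c": dump("Google", "15", "2025-06-05"),
           "dev-d": dump("samsung", "13", "")}

if __name__ == "__main__":
    for name, text in SAMPLES.items():
        print(name, assess(text))
```

A device reported as `unknown` should be treated as non-compliant until its patch level is confirmed.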
Lookout Analysis
Vulnerabilities like these can have an outsized impact on mobile fleets, especially when they exist in everyday apps such as mobile browsers. In addition to gaining remote access to vulnerable devices, successful exploits in browsers also frequently grant the attacker access to the same permissions as the browsers.
Each of the disclosed vulnerabilities can be exploited via a maliciously crafted webpage, which means that attackers can deliver them as URLs in the same way they would deliver phishing attacks on mobile devices. This means they would likely socially engineer an individual through SMS, iMessage, WhatsApp, Telegram, Instagram, LinkedIn, or any of the countless messaging and social media apps on mobile devices. A successful attack could lead to continued data leakage and risk for enterprise organizations.