Patch now or risk a backdoor: A September 2025 Release 1 patch addresses the flaw that affects devices running Android versions 13 through 16. “Out-of-bounds Write in libimagecodec.quram.so prior to SMR Sep-2025 Release 1 allows remote attackers to execute arbitrary code,” Samsung said in the disclosure.For enterprises, CVE-2025-21043 is more than a personal device issueit represents a potential backdoor into corporate networks. Exploitation could allow attackers to access sensitive business apps, email accounts, and even corporate data stored on the device.Devices with incomplete patching in bring-your-own-device (BYOD) or mixed-managed environments may inadvertently act as bridges into critical enterprise systems. Barr noted that tracking patch compliance can be challenging in BYOD setups, where users may resist MDM controls or updates. “Outside of MDM, organizations using Entra ID or other SSO tools can often see logins by device and reach out to users directly to confirm updates.” While updates are often automatic on Android devices, verification is still key, he added.
First seen on csoonline.com
Jump to article: www.csoonline.com/article/4057050/samsungs-image-library-flaw-opens-a-zero-click-backdoor.html
