Samsung has released an emergency fix for a critical zero-day vulnerability in its Galaxy smartphones running Android 13 and later, which could allow hackers to remotely execute malicious code through maliciously crafted images. Users are urged to update immediately to protect their devices from active exploits in the wild.
Samsung has urgently released a critical security patch to address a serious zero-day vulnerability affecting a broad range of its Galaxy smartphones running Android 13 and later. The flaw, identified as CVE-2025-21043, originates from a bug in a third-party image parsing library, which allows remote code execution through a maliciously crafted image. This means that simply receiving or opening a specially designed photo could enable hackers to execute malicious code without any action from the device user. Samsung’s emergency fix is now available, and users are strongly advised to install it promptly via the device settings to prevent potential exploitation.
This vulnerability poses a significant threat because it affects millions of users worldwide and does not discriminate between recent and relatively older models. Notably, Samsung confirmed that the latest flagship devices, including the Galaxy S23 and the newly launched Galaxy S25 and S25 Ultra, are vulnerable. However, the problem extends to any Galaxy smartphone updated to Android 13 or higher. Samsung has refrained from publishing a detailed list of affected devices to avoid providing guidance to malicious actors. According to the company and security researchers, the presence of this exploit “in the wild” indicates that hackers are actively leveraging the flaw, raising concerns especially for high-profile users such as journalists, diplomats, and executives who are often targeted in surveillance campaigns.
Samsung’s call for immediate updates highlights the critical nature of the vulnerability. To secure their devices, users should navigate to Settings > System > Software Update and apply the latest patch without delay. Delaying installation leaves phones exposed to “zero-click” attacks—sophisticated hacks executed without any user interaction, making them insidiously effective and difficult to detect. Experts suggest that while waiting for the update to roll out across all models and regions—a process that can vary due to carrier and regional differences—users could additionally enhance protection by employing antivirus software, VPNs, and password managers.
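For anyone responsible for more than one handset, the practical question is which devices are still in the affected range (Android 13 or later) and below the fixed patch level. The following is an added example, not code from Samsung or from the article: it parses `adb shell getprop` output and triages each device. It assumes the fix ships under the Android security patch level `2025-09-01` (the September 2025 SMR); the article does not state the exact patch-level string, so adjust that constant if Samsung's release notes say otherwise.

```python
import re
from dataclasses import dataclass

# Assumption: the CVE-2025-21043 fix is part of the September 2025 SMR, so a
# reported security patch level of 2025-09-01 or later counts as patched.
FIXED_PATCH_LEVEL = "2025-09-01"
MIN_AFFECTED_RELEASE = 13  # the article: Android 13 and later are affected


@dataclass
class DeviceStatus:
    serial: str
    verdict: str  # "not_affected", "patched", "exposed" or "unknown"
    reason: str


def parse_getprop(output: str) -> dict:
    """Parse lines of `adb shell getprop` output, e.g. [ro.build.version.release]: [13]"""
    return dict(re.findall(r"^\[([^\]]+)\]: \[([^\]]*)\]$", output, re.M))


def classify(serial: str, props: dict) -> DeviceStatus:
    release = props.get("ro.build.version.release", "")
    patch = props.get("ro.build.version.security_patch", "")
    m = re.match(r"(\d+)", release)
    if not m or not re.fullmatch(r"\d{4}-\d{2}-\d{2}", patch):
        return DeviceStatus(serial, "unknown", f"unparseable release={release!r} patch={patch!r}")
    if int(m.group(1)) < MIN_AFFECTED_RELEASE:
        return DeviceStatus(serial, "not_affected", f"Android {release} predates the affected range")
    if patch >= FIXED_PATCH_LEVEL:  # ISO dates compare correctly as strings
        return DeviceStatus(serial, "patched", f"patch level {patch} >= {FIXED_PATCH_LEVEL}")
    return DeviceStatus(serial, "exposed", f"Android {release} at patch level {patch}; update required")


# Constructed sample getprop output for three devices (not real inventory data)
SAMPLE_FLEET = {
    "serial-constructed-1": "[ro.build.version.release]: [15]\n[ro.build.version.security_patch]: [2025-08-01]\n",
    "serial-constructed-2": "[ro.build.version.release]: [16]\n[ro.build.version.security_patch]: [2025-09-01]\n",
    "serial-constructed-3": "[ro.build.version.release]: [12]\n[ro.build.version.security_patch]: [2025-07-01]\n",
}


def triage(fleet: dict) -> dict:
    """Return {serial: verdict} for each device's getprop output."""
    return {s: classify(s, parse_getprop(out)).verdict for s, out in fleet.items()}


if __name__ == "__main__":
    for serial, out in SAMPLE_FLEET.items():
        st = classify(serial, parse_getprop(out))
        print(f"{st.serial}: {st.verdict} ({st.reason})")
```

On a real device, feed `adb -s <serial> shell getprop` output to `parse_getprop` instead of the constructed sample; devices reporting "exposed" are the ones to update first.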
The urgency of Samsung’s response underscores the broader challenges faced by smartphone manufacturers in combating zero-day security flaws. These vulnerabilities, discovered and exploited before the vendor can issue a fix, represent some of the most dangerous threats in digital security. Samsung’s current patch is part of its September 2025 Security Maintenance Release, also covering Android versions up to 16. Alongside this emergency update, Samsung continues its phased rollout of other major updates, such as One UI 8, which brings new AI features and improved user interfaces to its flagship devices.
This incident follows a series of security concerns regarding Samsung’s hardware and software platforms. For example, previous advisories highlighted vulnerabilities in Exynos modem chips, some of which remain incompletely patched, demonstrating the ongoing struggle to secure complex smartphone ecosystems. The current vulnerability in the image processing library adds to this persistent security landscape.
In summary, Samsung’s rapid deployment of this patch reflects the critical and active nature of the security threat. All Galaxy smartphone users running Android 13 or later must update their devices immediately to safeguard personal data and privacy from sophisticated remote attacks exploiting an apparently simple but devastating flaw.
Source: Noah Wire Services