Market Impact: 0.45

Patch now: Samsung zero-day lets attackers take over your phone

ADBE
Cybersecurity & Data Privacy, Technology & Innovation, Regulation & Legislation

The US Cybersecurity and Infrastructure Security Agency (CISA) has added CVE-2025-21042, a critical zero-day vulnerability in Samsung mobile devices, to its Known Exploited Vulnerabilities catalog, signaling active exploitation. This flaw, an out-of-bounds write in Samsung's image processing library, enables remote code execution without user interaction, allowing attackers to deploy LANDFALL spyware via malformed images and potentially gain full device control, impacting models like the Galaxy S23/S24 series. Despite Samsung issuing a patch in April 2025, the CISA warning highlights the ongoing threat and urgent need for immediate updates across corporate and personal devices to mitigate significant data security risks and potential enterprise compromise.

Analysis

CISA's addition of CVE-2025-21042, a critical zero-day vulnerability in Samsung mobile devices, to its KEV catalog on November 10, 2025, confirms active exploitation in the wild. This out-of-bounds write flaw in Samsung's image processing library enables remote code execution (RCE) without user interaction, allowing attackers to deploy LANDFALL spyware. The vulnerability has been weaponized through malformed Digital Negative (DNG) image files sent via WhatsApp, impacting various models including the Galaxy S23/S24 series and Galaxy Z Fold4. Despite Samsung patching this issue in April 2025, CISA's recent warning underscores that exploits have been active for months, indicating a persistent threat where attackers have outpaced defenders. The zero-click attack vector, requiring no user interaction beyond image processing, poses significant risks for data theft, surveillance, and potential enterprise compromise. This incident, alongside the September 2025 patch for CVE-2025-21043, highlights a growing trend of image processing flaws becoming favored entry points for sophisticated cyberattacks.

Market Sentiment

Overall Sentiment

extremely negative

Sentiment Score

-0.80

Ticker Sentiment

ADBE: 0.00

Key Decisions for Investors

  • Investors with exposure to Samsung or companies heavily reliant on Samsung mobile devices should prioritize immediate patching of all affected devices to mitigate the confirmed zero-day exploitation risk.
  • Assess the mobile security posture of portfolio companies, especially those with significant mobile workforces, against zero-click RCE vulnerabilities and advanced spyware threats like LANDFALL.
  • Monitor for potential regulatory actions or reputational damage to Samsung and related entities, given the severity of the vulnerability and CISA's KEV listing, which could influence market sentiment.