Particle.news

Samsung Confirms Zero-Click WhatsApp Exploit on Galaxy Phones as Patch Rolls Out

Many models remain exposed until the September security update reaches each device.

Overview

  • Attackers can run code via a third‑party image‑analysis library when a crafted picture is received or previewed, requiring no user interaction.
  • Samsung says the flaw is being exploited in the wild, raising the risk of spyware and unauthorized access to messages and personal data.
  • The exposure spans Galaxy devices on Android 13 through 16, with Samsung indicating a large share of models from the past five years could be affected.
  • Samsung and WhatsApp/Meta have released fixes, so users should install the latest Galaxy security update, update WhatsApp immediately, and keep automatic updates enabled.
  • The patch is shipping in stages by model, region and carrier, and reporting cites related CVEs including CVE-2025-21043, CVE-2025-55177 and CVE-2025-43300.