Out-of-Bounds Write Vulnerability in JPEG Decoding for Samsung Products
CVE-2025-21052

4MEDIUM

Key Information:

Vendor: Samsung
Status: Samsung Devices
Vendor: CVE Published:; 10 October 2025

What is CVE-2025-21052?

An out-of-bounds write vulnerability exists in the pre-processing stage of JPEG decoding within libpadm.so, allowing local attackers to trigger memory corruption due to improper handling of specific conditions. This issue can lead to potential exploitation by malicious entities, emphasizing the importance of updating to the SMR Oct-2025 Release 1 to mitigate risks effectively.

Affected Version(s)

Samsung Mobile Devices SMR Oct-2025 Release in Android 13, 14, 15, 16

References

https://security.samsungmobile.com/securityUpdate.smsb?ye...

CVSS V3.1

Score:

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 10, 2025
Vulnerability Reserved
Nov 6, 2024

JSON