CISA has added a critical Samsung Mobile vulnerability (CVE-2025-21042) to its Known Exploited Vulnerabilities (KEV) catalog, mandating that federal agencies patch it. The flaw was exploited as a zero-day to deploy the “LANDFALL” spyware, possibly through a zero-click vector using malicious DNG images sent via messaging apps such as WhatsApp.
Business Impact
This is a severe threat to mobile security. A zero-click exploit allows attackers to compromise a device and install spyware without any user interaction, enabling total surveillance of high-value targets like executives and government officials, and compromising all corporate data on that device.
Why It Happened
The vulnerability is an out-of-bounds write flaw in Samsung’s proprietary image processing library. An attacker can send a malformed image that, when the device processes it (even only to render a preview), triggers the flaw and allows arbitrary code execution.
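To make the bug class concrete, the following added example (written for this briefing; it is not Samsung's library, not the DNG format, and not the CVE-2025-21042 code) shows the classic shape of an out-of-bounds write in an image metadata parser: a length field taken from the file is trusted and used to copy into a fixed-size struct field. The record layout, the NAME_MAX size, and the sample records are all constructed for illustration. The unchecked variant is included only to show the defect and is never called; the checked variant is the mitigation, validating the declared length against both the destination field and the remaining input before copying.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* Hypothetical record layout (constructed for this example):
 *   bytes 0..3  : tag, little-endian
 *   byte  4     : name_len
 *   bytes 5..   : name_len bytes of name
 */
#define NAME_MAX 16

typedef struct {
    uint32_t tag;
    char name[NAME_MAX];
} entry_t;

static uint32_t read_le32(const uint8_t *p)
{
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* DEFECTIVE form, shown only to illustrate the bug class; never called here.
 * The length byte from the file is trusted: a name_len >= NAME_MAX writes
 * past 'name' (out-of-bounds write), and a name_len larger than the data
 * actually present reads past the input buffer. */
static int parse_entry_unchecked(const uint8_t *buf, size_t len, entry_t *out)
{
    (void)len;                       /* input length is never consulted */
    out->tag = read_le32(buf);
    size_t name_len = buf[4];
    memcpy(out->name, buf + 5, name_len);   /* OOB write if name_len >= NAME_MAX */
    out->name[name_len] = '\0';
    return 0;
}

/* HARDENED form: every length derived from the file is checked against
 * the destination size and the bytes actually available. Returns 0 on
 * success, -1 for a malformed record (which is simply rejected). */
static int parse_entry_checked(const uint8_t *buf, size_t len, entry_t *out)
{
    if (buf == NULL || out == NULL || len < 5)
        return -1;                   /* header incomplete */
    size_t name_len = buf[4];
    if (name_len >= NAME_MAX)
        return -1;                   /* would not fit, including the NUL */
    if (name_len > len - 5)
        return -1;                   /* declares more bytes than are present */
    out->tag = read_le32(buf);
    memcpy(out->name, buf + 5, name_len);
    out->name[name_len] = '\0';
    return 0;
}

/* Constructed sample records (not real image data). */
static const uint8_t benign_record[] = {
    0x01, 0x02, 0x00, 0x00,          /* tag 0x00000201 */
    0x05,                            /* name_len = 5 */
    'w', 'i', 'd', 't', 'h'
};

static const uint8_t oversized_record[] = {
    0x01, 0x02, 0x00, 0x00,
    0xC8,                            /* claims 200 name bytes: > NAME_MAX */
    'w', 'i', 'd', 't', 'h'          /* only 5 bytes actually follow */
};

static const uint8_t truncated_record[] = {
    0x01, 0x02, 0x00, 0x00,
    0x0A,                            /* claims 10 bytes, fits NAME_MAX... */
    'w', 'i', 'd'                    /* ...but only 3 are present */
};

int demo_benign(void)
{
    entry_t e;
    return parse_entry_checked(benign_record, sizeof benign_record, &e);
}

int demo_oversized(void)
{
    entry_t e;
    return parse_entry_checked(oversized_record, sizeof oversized_record, &e);
}

int demo_truncated(void)
{
    entry_t e;
    return parse_entry_checked(truncated_record, sizeof truncated_record, &e);
}

int main(void)
{
    (void)parse_entry_unchecked;     /* referenced so the defect is visible, never run */
    printf("benign: %d, oversized: %d, truncated: %d\n",
           demo_benign(), demo_oversized(), demo_truncated());
    return 0;
}
```

The checked parser rejects the oversized and truncated records instead of copying, which is the behaviour a preview renderer needs: an attacker-controlled file must not be able to choose how many bytes land in a fixed-size buffer. Fuzzing the parser with length fields set to boundary values (0, NAME_MAX-1, NAME_MAX, 255) is the routine way to catch this class before shipping.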
Recommended Executive Action
Direct your IT/MDM teams to push the Samsung April 2025 (or later) security update to all corporate and BYOD Samsung devices immediately. Remind high-risk personnel to disable all media auto-download features in messaging applications as a precaution.
Hashtags: #CISA #KEV #Samsung #ZeroDay #ZeroClick #Spyware #MobileSecurity #CVE #InfoSec
