This article analyzes a series of DNG image exploits discovered between July 2024 and February 2025, targeting the Quram library on Samsung devices. The exploits bypassed security by leveraging WhatsApp to deliver malicious images, ultimately aiming to execute code within a specific Samsung system service.

Samsung has addressed a critical remote code execution vulnerability (CVE-2025-21043) affecting Android devices running version 13 or later, which was exploited in zero-day attacks. Discovered in a closed-source image parsing library, the flaw allows attackers to execute malicious code remotely. Meta and WhatsApp reported the vulnerability, highlighting the importance of keeping devices updated to mitigate such risks.