- Last update: 10-11-2025
- Affected software:
→ Samsung Galaxy Android versions 13, 14, and 15
- Type: Out-of-bounds Write vulnerability
- CVE/CVSS
→ CVE-2025-21042: 9.8 CRITICAL (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
https://nvd.nist.gov/vuln/detail/CVE-2025-21042
A critical vulnerability (CVE-2025-21042, CVSS 9.8) exists in Samsung Galaxy Android versions 13, 14, and 15. If left unpatched, affected devices are vulnerable to remote code execution (RCE), with a possible high impact on the confidentiality, integrity, and availability of data and systems.
The vulnerability has been actively exploited since 2024 to install LANDFALL Android spyware in targeted intrusions within the Middle East.
Samsung patched CVE-2025-21042 in April 2025.
CVE-2025-21042 is an Out-of-Bounds Write vulnerability affecting Samsung Galaxy devices running Android versions 13, 14, and 15. Threat actors have exploited this flaw by embedding the LANDFALL spyware within maliciously crafted DNG image files, which were reportedly delivered through WhatsApp. This exploitation allowed attackers to execute arbitrary code and compromise targeted devices.
Patch
The Centre for Cybersecurity Belgium strongly recommends installing updates for vulnerable devices with the highest priority after thorough testing.
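One way to triage a device inventory against the April 2025 fix, as an added example that is not CCB or Samsung code. The CSV column names and sample rows are constructed, and it assumes a reported security patch level of 2025-04-01 or later means Samsung's April 2025 update is installed.

```python
import csv
import io
from datetime import date

# Assumption: a device whose reported security patch level is 2025-04-01 or
# later carries Samsung's April 2025 update, which the advisory says fixes
# CVE-2025-21042.
FIXED_PATCH_LEVEL = date(2025, 4, 1)
AFFECTED_ANDROID = {13, 14, 15}  # versions listed in the advisory

# Constructed sample inventory; the column names are hypothetical.
SAMPLE_INVENTORY = """\
device_id,manufacturer,android_version,security_patch
d-001,samsung,14,2025-03-01
d-002,samsung,15,2025-05-01
d-003,samsung,13,
d-004,Google,14,2024-11-05
d-005,Samsung,12,2024-02-01
d-006,samsung,14.0,2025-04-01
"""


def triage(row):
    """Return 'vulnerable', 'patched', 'review' or 'out_of_scope' for one row."""
    if row["manufacturer"].strip().lower() != "samsung":
        return "out_of_scope"
    try:
        major = int(row["android_version"].strip().split(".")[0])
    except ValueError:
        return "review"  # unparseable version: check by hand
    if major not in AFFECTED_ANDROID:
        return "out_of_scope"  # not listed as affected by the advisory
    try:
        level = date.fromisoformat(row["security_patch"].strip())
    except ValueError:
        return "review"  # missing or malformed patch level: never assume patched
    return "patched" if level >= FIXED_PATCH_LEVEL else "vulnerable"


def triage_inventory(csv_text):
    """Map device_id -> triage result for every row of an inventory export."""
    reader = csv.DictReader(io.StringIO(csv_text))
    return {row["device_id"]: triage(row) for row in reader}


if __name__ == "__main__":
    for device, status in triage_inventory(SAMPLE_INVENTORY).items():
        print(f"{device}: {status}")
```

A `patched` result only reflects the current patch level; it says nothing about whether the device was compromised before the update was installed.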
Monitor/Detect
The CCB recommends organizations upscale monitoring and detection capabilities to identify any related suspicious activity and ensure a swift response in case of an intrusion.
In case of an intrusion, you can report an incident via https://ccb.belgium.be/en/cert/report-incident.
While patching appliances or software to the newest version may protect against future exploitation, it does not remediate historic compromise.
https://security.samsungmobile.com/securityUpdate.smsb (select the April 2025 update)
https://unit42.paloaltonetworks.com/landfall-is-new-commercial-grade-android-spyware/