https://www.msuiche.com/categories/vulnerabilities/Recent content in Vulnerabilities on Matt SuicheHugoen-usWed, 17 Sep 2025 00:00:00 +0200https://www.msuiche.com/posts/cve-2025-21043-when-dng-opcodes-become-attack-vectors/Wed, 17 Sep 2025 00:00:00 +0200https://www.msuiche.com/posts/cve-2025-21043-when-dng-opcodes-become-attack-vectors/<p>Another day, another zero-day. This time it&rsquo;s CVE-2025-21043, a critical vulnerability in Android&rsquo;s DNG image parser that&rsquo;s been actively exploited in the wild. What makes this one particularly interesting is how it leverages an obscure feature of the DNG format—opcode lists—to achieve remote code execution.</p> <p>Following our <a href="https://www.msuiche.com/posts/detecting-cve-2025-43300-a-deep-dive-into-apples-dng-processing-vulnerability/" target="_blank" rel="noopener">previous analysis of CVE-2025-43300</a> and the <a href="https://www.msuiche.com/posts/elegantbouncer-when-you-cant-get-the-samples-but-still-need-to-catch-the-threat/" target="_blank" rel="noopener">ELEGANTBOUNCER detection framework</a>, let&rsquo;s dive into how this vulnerability works and why it matters.</p> <h2 id="the-discovery">The Discovery <a href="#the-discovery" class="anchor">🔗</a></h2><p>On September 2025, Samsung just pushed a critical security update. The advisory was sparse on details, but one line caught everyone&rsquo;s attention:</p>