Surprising update hits Galaxy S25 buyersNurPhoto via Getty ImagesExciting times for Samsung owners. The new Galaxy S25s is now shipping and older flagships S24s and S23s are due an Android 15 / One UI 7 upgrade very soon. The new OS has endured delay after delay, but cant be much longer now. But for those who have bought a new Galaxy S25, theres a surprising sting in the tail.Last week, the U.S. governments cyber defense agency ordered all federal staffers to update all Android devices by February 26th or power them down. This followed Googles warning that a zero-day vulnerability within in Androids kernel was under active exploitation. It rushed out the fix for Pixels, which is available now.Meanwhile, Samsung dropped its own February security update, but the fix for CVE-2024-53104 was missing. It seems likely this will release alongside or in addition to the monthly release, despite its exclusion from the bulletin. Either that or its rolling over to March. We have seen both approaches for other recent critical fixes. Whichever approach is taken, Id expect CVE-2024-53104 to be listed in Marchs update.The critical security issue affects the way a devices memory handles video frames, with oversized frames destabilizing memory and opening the device to other exploits. While details are scarce, its thought this has been actively exploited by targeting phones via a physical USB connection. The likely culprits not unusually are assumed to be forensic data grabs, as used by law enforcement and others.MORE FOR YOUAs Recorded Future warns, this vulnerability could be exploited by malicious actors to execute arbitrary code or cause denial-of-service conditions. Users are strongly advised to update their Linux kernels to address this security flaw.While this missing fix is bad news for all Galaxy owners, its surprisingly worse for those buying the new S25. While Februarys release doesnt officially address the issue, the S25 actually still appears to be stuck on Decembers release, which is not a good look.Samsung needs to act fast, Pune News says. While the excitement surrounding the [S25s] speed, camera, and features is palpable, a serious security concern has emerged that could dampen its appeal. Despite being praised for its performance, the S25 Ultra is still vulnerable to a critical security flaw that could affect users. A zero-day vulnerability identified in the February 2025 Android security patch has been actively exploited, and the device is yet to receive the fix, leaving it exposed to potential threats.SammyFans warns the Galaxy S25 has one big security flaw, an issue which hackers could exploit. The website says that with the Galaxy S25 Ultra still running on the December 2024 security patch, it has been left vulnerable, which unlike previous updates, [is] urgent due to the active exploitation of the vulnerability.I have asked Samsung for an update on the timing for its CVE-2024-53104 fix, for both Galaxy 25s and older flagships, and will provide any new update here.