Google has launched the September 2025 safety replace for Android gadgets, addressing a complete of 84 vulnerabilities, together with two actively exploited flaws.
The 2 flaws that had been detected as exploited in zero-day assaults are CVE-2025-38352an elevation of privilege within the Android kernel, and CVE-2025-48543additionally an elevation of privilege downside within the Android Runtime part.
Google famous in its bulletin that there are indications that these two flaws could also be beneath restricted, focused exploitation, with out sharing any extra particulars.
The CVE-2025-38352 flaw is a Linux kernel flaw first disclosed on July 22, 2025, fastened in kernel variations 6.12.35-1 and later. It was not beforehand marked as actively exploited.
The flaw is a race situation in POSIX CPU timers, permitting process cleanup disruption and kernel destabilization, doubtlessly resulting in crashes, denial of service, and privilege escalation.
CVE-2025-48543 impacts the Android Runtime, the place Java/Kotlin apps and system providers execute. It doubtlessly permits a malicious app to bypass sandbox restrictions and entry higher-level system capabilities.
Other than the 2 actively exploited flaws, Google’s September 2025 replace for Android additionally addresses 4 critical-severity issues.
The primary is CVE-2025-48539a distant code execution (RCE) downside in Android’s System part.
It permits an attacker inside bodily or community proximity, akin to Bluetooth or WiFi vary, to execute arbitrary code on the gadget with none consumer interplay or privileges.
The opposite three crucial flaws are CVE-2025-21450, CVE-2025-21483and CVE-2025-27034all of which impression Qualcomm’s proprietary elements.
In accordance with further particulars offered by Qualcomm through its bulletinCVE-2025-21483 is a reminiscence corruption flaw within the knowledge community stack that happens when reassembling video (NALUs) from RTP packets.
Attackers can ship specifically crafted community visitors that triggers out-of-bounds writes, permitting distant code execution with out consumer interplay.
CVE-2025-27034 is an array index validation bug within the multi-mode name processor throughout PLMN choice from the SOR failed record.
Malicious or malformed community responses can corrupt reminiscence and allow code execution within the modem baseband.
In whole, this Android patch launch incorporates fixes for 27 Qualcomm elements, bringing the full variety of fastened flaws to 111. Nevertheless, these aren’t related to gadgets working on chips from different producers.
For MediaTek-powered gadgets, particulars in regards to the newest safety fixes can be found on the chip vendor’s bulletin.
This newest Android safety replace covers vulnerabilities impacting Android 13 by way of 16, although not all flaws impression each model of the cell OS.
The really helpful motion is to improve to safety patch stage 2025-09-01 or 2025-09-05 by navigating Settings > System > Software program updates > System replace > and clicking ‘Test for replace.’
Customers working Android 12 and earlier ought to change their gadget with a more recent mannequin that’s actively supported, or use a third-party Android distribution that includes the most recent safety updates.
Samsung has additionally launched its September upkeep replace for its flagship gadgets, together with fixes for flaws particular to its customized elements, akin to One UI.
46% of environments had passwords cracked, practically doubling from 25% final 12 months.
Get the Picus Blue Report 2025 now for a complete take a look at extra findings on prevention, detection, and knowledge exfiltration traits.
