Google Fixes Android Flaw (CVE-2025-27363) Exploited by Attackers

Google Fixes Android Flaw (CVE-2025-27363) Exploited by Attackers

Posted on By CWS

Could 06, 2025Ravie LakshmananVulnerability / Cell Safety
Google has launched its month-to-month safety updates for Android with fixes for 46 safety flaws, together with one vulnerability that it mentioned has been exploited within the wild.
The vulnerability in query is CVE-2025-27363 (CVSS rating: 8.1), a high-severity flaw within the System element that might result in native code execution with out requiring any extra execution privileges.
“Probably the most extreme of those points is a excessive safety vulnerability within the System element that might result in native code execution with no extra execution privileges wanted,” Google mentioned in a Monday advisory. “Consumer interplay isn’t wanted for exploitation.”
It is value noting that CVE-2025-27363 is rooted within the FreeType open-source font rendering library. It was first disclosed by Fb in March 2025 as having been exploited within the wild.

The shortcoming has been described as an out-of-bounds write flaw that might end in code execution when parsing TrueType GX and variable font recordsdata. The problem has been remediated in FreeType variations greater than 2.13.0.
“There are indications that CVE-2025-27363 could also be beneath restricted, focused exploitation,” Google acknowledged in its safety bulletin. The precise specifics of the assaults are presently unknown.
Google’s Could replace additionally resolves eight different flaws within the Android System and 15 flaws within the Framework module that might be abused to facilitate privilege escalation, data disclosure, and denial-of-service.
“Exploitation for a lot of points on Android is made tougher by enhancements in newer variations of the Android platform,” the corporate mentioned. “We encourage all customers to replace to the newest model of Android the place potential.”
Replace
The U.S. Cybersecurity and Infrastructure Safety Company (CISA) on Tuesday added CVE-2025-27363 to its Identified Exploited Vulnerabilities (KEV) catalog, requiring federal companies to use the patches by Could 27, 2025.

Discovered this text attention-grabbing? Comply with us on Twitter  and LinkedIn to learn extra unique content material we publish.

The Hacker News Tags:, , , , , ,

Related Posts

China-Linked Hackers Launch Targeted Espionage Campaign on African IT Infrastructure China-Linked Hackers Launch Targeted Espionage Campaign on African IT Infrastructure The Hacker News
Russian APT29 Exploits Gmail App Passwords to Bypass 2FA in Targeted Phishing Campaign Russian APT29 Exploits Gmail App Passwords to Bypass 2FA in Targeted Phishing Campaign The Hacker News
Iran-Linked Hackers Hits Israeli Sectors with New MuddyViper Backdoor in Targeted Attacks Iran-Linked Hackers Hits Israeli Sectors with New MuddyViper Backdoor in Targeted Attacks The Hacker News
New HybridPetya Ransomware Bypasses UEFI Secure Boot With CVE-2024-7344 Exploit New HybridPetya Ransomware Bypasses UEFI Secure Boot With CVE-2024-7344 Exploit The Hacker News
Qilin Ransomware Ranked Highest in April 2025 with Over 45 Data Leak Disclosures Qilin Ransomware Ranked Highest in April 2025 with Over 45 Data Leak Disclosures The Hacker News
AI Agents and Identity Risks in Modern Enterprises AI Agents and Identity Risks in Modern Enterprises The Hacker News