In response to the discovery of actively exploited 0-day vulnerabilities, Google has released its September 2025 Android Security Bulletin, rolling out patch level 2025-09-05 to protect millions of devices.
The bulletin details critical issues in both System and Kernel components, and emphasizes the importance of prompt updates to mitigate remote code execution risks.
Key Takeaways
1. Patch 2025-09-05 fixes CVE-2025-38352 (zero-interaction RCE) and CVE-2025-48543 (kernel EoP).
2. System bug needs no user action; kernel bug grants root.
3. Update now; AOSP source in 48 hrs.
Critical System Component RCE Vulnerability
The flagship fix addresses CVE-2025-38352, a zero-interaction flaw in the Android System component that allows remote (proximal/adjacent) code execution without any elevated privileges.
Google's severity assessment rates this as Critical, noting that successful exploitation could grant attackers full control of affected devices even with platform and service mitigations enabled in development environments.
No user interaction, such as clicking a link or opening a file, is required to trigger the exploit.
Source code patches for CVE-2025-38352 are now available in the Android Open Source Project (AOSP) repository.
Google plans to update the bulletin with direct AOSP links within 48 hours of publication.
High-Severity Elevation of Privilege Flaw
Another patch targets CVE-2025-48543, an Elevation of Privilege (EoP) vulnerability in the Android Kernel.
Rated High, this flaw could allow local code to gain root-level permissions, bypassing SELinux policies and other kernel-level safeguards.
Affected versions include Android 13, 14, 15, and 16. Partners were notified of both issues more than a month in advance, so that OEMs can integrate the required kernel patches into upcoming device updates.
| CVE | Title | Severity |
|---|---|---|
| CVE-2025-38352 | Remote (proximal/adjacent) code execution in System component, zero-interaction | Critical |
| CVE-2025-48543 | Elevation of Privilege in Kernel, bypass SELinux to gain root | High |
Users are strongly advised to verify that their patch level is at least 2025-09-05 and to apply updates immediately.
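For administrators checking more than one device, the following script is an added example (it is not from the bulletin or from Google) that compares each device's reported patch level against 2025-09-05. It assumes devices are reachable over adb and reads the standard ro.build.version.security_patch property; the sample inventory and its serials are constructed.

```shell
#!/bin/sh
# Added example (not from the bulletin): flag devices below patch level 2025-09-05.
REQUIRED="2025-09-05"

# patch_status LEVEL -> prints PATCHED, VULNERABLE or UNKNOWN
patch_status() {
    level=$(printf '%s' "$1" | tr -d '[:space:]')   # adb output may end in CR
    case "$level" in
        [0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9]) ;;
        *) echo UNKNOWN; return 0 ;;                # empty or malformed property
    esac
    # YYYY-MM-DD compares correctly as an integer once the dashes are removed
    if [ "$(printf '%s' "$level" | tr -d '-')" -ge "$(printf '%s' "$REQUIRED" | tr -d '-')" ]; then
        echo PATCHED
    else
        echo VULNERABLE
    fi
}

# Reads "serial patch-level" lines on stdin; returns 1 if any device is not PATCHED
audit_inventory() {
    rc=0
    while read -r serial raw; do
        [ -n "$serial" ] || continue
        status=$(patch_status "$raw")
        printf '%-14s %-12s %s\n' "$serial" "$(printf '%s' "$raw" | tr -d '\r')" "$status"
        [ "$status" = PATCHED ] || rc=1
    done
    return "$rc"
}

# Live collection: assumes adb is on PATH and the devices are authorised
audit_adb() {
    adb devices | awk 'NR > 1 && $2 == "device" { print $1 }' | while read -r serial; do
        printf '%s %s\n' "$serial" \
            "$(adb -s "$serial" shell getprop ro.build.version.security_patch </dev/null)"
    done | audit_inventory
}

# Constructed inventory (serials and levels are made up for the demonstration)
sample_inventory() {
    printf '%s\n' 'EMU0001 2025-09-05' 'EMU0002 2025-08-05' 'EMU0003 2025-09-01' 'EMU0004'
}

sample_inventory | audit_inventory || echo "at least one device is below $REQUIRED"
```

Calling audit_adb instead of the sample pipeline runs the same check against attached devices; a device that reports no patch level is listed as UNKNOWN and counted as failing.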
Android partners have been briefed, and AOSP source code updates will be released shortly.
This coordinated effort underscores Google's commitment to proactive vulnerability management and rapid response to emerging threats.
Users and device manufacturers alike must prioritize this update to maintain the integrity of Android's security posture.