Google on Monday introduced a recent set of safety updates for Android that deal with six vulnerabilities within the working system and third-party elements, together with an exploited Qualcomm flaw.
The exploited bug, disclosed in early June and tracked as CVE‑2025‑27038 (CVSS rating of seven.5), is described as a use-after-free subject when rendering graphics utilizing Adreno GPU drivers in Chrome.
“There are indications from Google Menace Evaluation Group that CVE-2025-21479, CVE-2025-21480, CVE-2025-27038 could also be underneath restricted, focused exploitation,” Qualcomm stated on June 2. The US cybersecurity company CISA added all three to the KEV catalog the subsequent day.
In Could, Qualcomm shipped patches for all three safety defects to OEMs and cellphone makers, however Google’s June Android patches didn’t embrace fixes for them, and no safety patch was rolled out in July, for the primary time in a decade.
Whereas no particulars on the noticed exploitation of CVE‑2025‑27038 have been shared publicly, Qualcomm’s phrasing and the earlier exploitation of bugs in its chipsets counsel that it may need been focused by a industrial adware vendor.
Essentially the most extreme of the 5 remaining flaws within the August 2025 Android safety bulletin is a critical-severity distant code execution (RCE) subject within the System element, tracked as CVE‑2025‑48530, which will be exploited with out consumer interplay.
“Essentially the most extreme of those points is a essential safety vulnerability within the System element that might result in distant code execution together with different bugs, with no extra execution privileges wanted,” Google notes.
The primary a part of Android’s August 2025 replace arrives on gadgets because the 2025-08-01 safety patch stage and resolves the System safety defect, together with two high-severity elevation of privilege (EoP) vulnerabilities within the Framework element.Commercial. Scroll to proceed studying.
The second half arrives because the 2025-08-05 safety patch stage and addresses one flaw in Arm elements and two points in Qualcomm elements, together with the exploited bug.
“We urge organizations to make sure all managed Android gadgets are promptly up to date to the 2025‑08‑05 safety patch stage (or newer) in order that they aren’t uncovered. This month’s bulletin reinforces the precept that even smaller updates can shut pathways utilized by expert risk actors – staying forward requires proactivity, not complacency,” Jamf senior safety technique supervisor Adam Boynton stated.
No safety patches have been included within the August 2025 safety bulletins for Android Automotive OS and Put on OS, and Google has but to publish a Pixel safety bulletin for this month.
Associated: Apple Patches Safari Vulnerability Flagged as Exploited Towards Chrome
Associated: SonicWall Hunts for Zero-Day Amid Surge in Firewall Exploitation
Associated: Nvidia Triton Vulnerabilities Pose Large Danger to AI Fashions
Associated: Samsung Pronounces Safety Enhancements for Galaxy Smartphones
