Google has launched the September 2025 security replace for Android gadgets, addressing a complete of 84 vulnerabilities, together with two actively exploited flaws.
The 2 flaws that have been detected as exploited in zero-day assaults are CVE-2025-38352, an elevation of privilege within the Android kernel, and CVE-2025-48543, additionally an elevation of privilege downside within the Android Runtime element.
Google famous in its bulletin that there are indications that these two flaws could also be underneath restricted, focused exploitation, with out sharing any extra particulars.
The CVE-2025-38352 flaw is a Linux kernel flaw first disclosed on July 22, 2025, mounted in kernel variations 6.12.35-1 and later. It was not beforehand marked as actively exploited.
The flaw is a race situation in POSIX CPU timers, permitting process cleanup disruption and kernel destabilization, probably resulting in crashes, denial of service, and privilege escalation.
CVE-2025-48543 impacts the Android Runtime, the place Java/Kotlin apps and system companies execute. It probably permits a malicious app to bypass sandbox restrictions and entry higher-level system capabilities.
Aside from the 2 actively exploited flaws, Google’s September 2025 replace for Android additionally addresses 4 critical-severity issues.
The primary is CVE-2025-48539, a distant code execution (RCE) downside in Android’s System element.
It permits an attacker inside bodily or community proximity, reminiscent of Bluetooth or WiFi vary, to execute arbitrary code on the machine with none consumer interplay or privileges.
The opposite three vital flaws are CVE-2025-21450, CVE-2025-21483, and CVE-2025-27034, all of which influence Qualcomm’s proprietary elements.
In line with extra particulars offered by Qualcomm by way of its bulletin, CVE-2025-21483 is a reminiscence corruption flaw within the knowledge community stack that happens when reassembling video (NALUs) from RTP packets.
Attackers can ship specifically crafted community visitors that triggers out-of-bounds writes, permitting distant code execution with out consumer interplay.
CVE-2025-27034 is an array index validation bug within the multi-mode name processor throughout PLMN choice from the SOR failed listing.
Malicious or malformed community responses can corrupt reminiscence and allow code execution within the modem baseband.
In complete, this Android patch launch incorporates fixes for 27 Qualcomm elements, bringing the entire variety of mounted flaws to 111. Nevertheless, these aren’t related to gadgets working on chips from different producers.
For MediaTek-powered gadgets, particulars in regards to the newest security fixes can be found on the chip vendor’s bulletin.
This newest Android security replace covers vulnerabilities impacting Android 13 by way of 16, although not all flaws influence each model of the cellular OS.
The beneficial motion is to improve to security patch degree 2025-09-01 or 2025-09-05 by navigating Settings > System > Software program updates > System replace > and clicking ‘Examine for replace.’
Customers working Android 12 and earlier ought to change their machine with a more recent mannequin that’s actively supported, or use a third-party Android distribution that includes the most recent security updates.
Samsung has additionally launched its September upkeep replace for its flagship gadgets, together with fixes for flaws particular to its customized elements, reminiscent of One UI.
46% of environments had passwords cracked, almost doubling from 25% final 12 months.
Get the Picus Blue Report 2025 now for a complete take a look at extra findings on prevention, detection, and knowledge exfiltration tendencies.
