Google has shipped security updates to handle 120 security flaws in its Android working system as a part of its month-to-month fixes for September 2025, together with two points that it stated have been exploited in focused assaults.
The vulnerabilities are listed under –
- CVE-2025-38352 (CVSS rating: 7.4) – A privilege escalation flaw within the Linux Kernel part
- CVE-2025-48543 (CVSS rating: N/A) – A privilege escalation flaw within the Android Runtime part
Google stated each vulnerabilities might result in native escalation of privilege with no further execution privileges wanted. It additionally famous that no person interplay is required for exploitation.
The tech big didn’t reveal how the problems have been weaponized in real-world assaults, however acknowledged there are indications of “restricted, focused exploitation.”
Additionally patched by Google are a number of distant code execution, privilege escalation, data disclosure, and denial-of-service vulnerabilities impacting Framework and System elements.
Google has launched two security patch ranges, 2025-09-01 and 2025-09-05, in order to present flexibility to Android companions to handle a portion of vulnerabilities which might be comparable throughout all Android gadgets extra rapidly.
“Android companions are inspired to repair all points on this bulletin and use the most recent security patch degree,” Google stated.
Final month, the tech big Google launched security updates to resolve two Qualcomm vulnerabilities — CVE-2025-21479 (CVSS rating: 8.6) and CVE-2025-27038 (CVSS rating: 7.5) — that have been flagged by the chipmaker as actively exploited within the wild.
