Google has launched the September 2025 safety replace for Android units, addressing a complete of 84 vulnerabilities, together with two actively exploited flaws.
The 2 flaws that have been detected as exploited in zero-day assaults are CVE-2025-38352, an elevation of privilege within the Android kernel, and CVE-2025-48543, additionally an elevation of privilege drawback within the Android Runtime part.
Google famous in its bulletin that there are indications that these two flaws could also be beneath restricted, focused exploitation, with out sharing any extra particulars.
The CVE-2025-38352 flaw is a Linux kernel flaw first disclosed on July 22, 2025, fastened in kernel variations 6.12.35-1 and later. It was not beforehand marked as actively exploited.
The flaw is a race situation in POSIX CPU timers, permitting activity cleanup disruption and kernel destabilization, doubtlessly resulting in crashes, denial of service, and privilege escalation.
CVE-2025-48543 impacts the Android Runtime, the place Java/Kotlin apps and system providers execute. It doubtlessly permits a malicious app to bypass sandbox restrictions and entry higher-level system capabilities.
Other than the 2 actively exploited flaws, Google’s September 2025 replace for Android additionally addresses 4 critical-severity issues.
The primary is CVE-2025-48539, a distant code execution (RCE) drawback in Android’s System part.
It permits an attacker inside bodily or community proximity, comparable to Bluetooth or WiFi vary, to execute arbitrary code on the machine with none person interplay or privileges.
The opposite three crucial flaws are CVE-2025-21450, CVE-2025-21483, and CVE-2025-27034, all of which impression Qualcomm’s proprietary elements.
In response to extra particulars offered by Qualcomm through its bulletin, CVE-2025-21483 is a reminiscence corruption flaw within the knowledge community stack that happens when reassembling video (NALUs) from RTP packets.
Attackers can ship specifically crafted community site visitors that triggers out-of-bounds writes, permitting distant code execution with out person interplay.
CVE-2025-27034 is an array index validation bug within the multi-mode name processor throughout PLMN choice from the SOR failed listing.
Malicious or malformed community responses can corrupt reminiscence and allow code execution within the modem baseband.
In whole, this Android patch launch incorporates fixes for 27 Qualcomm elements, bringing the whole variety of fastened flaws to 111. Nevertheless, these aren’t related to units operating on chips from different producers.
For MediaTek-powered units, particulars concerning the newest safety fixes can be found on the chip vendor’s bulletin.
This newest Android safety replace covers vulnerabilities impacting Android 13 by 16, although not all flaws impression each model of the cellular OS.
The beneficial motion is to improve to safety patch stage 2025-09-01 or 2025-09-05 by navigating Settings > System > Software program updates > System replace > and clicking ‘Verify for replace.’
Customers operating Android 12 and earlier ought to change their machine with a more moderen mannequin that’s actively supported, or use a third-party Android distribution that comes with the newest safety updates.
Samsung has additionally launched its September upkeep replace for its flagship units, together with fixes for flaws particular to its customized elements, comparable to One UI.
46% of environments had passwords cracked, practically doubling from 25% final 12 months.
Get the Picus Blue Report 2025 now for a complete have a look at extra findings on prevention, detection, and knowledge exfiltration traits.
