Google has released the September 2025 security update for Android devices, addressing a total of 84 vulnerabilities, including two actively exploited flaws.
The two flaws that were detected as exploited in zero-day attacks are CVE-2025-38352, an elevation of privilege in the Android kernel, and CVE-2025-48543, also an elevation of privilege problem in the Android Runtime component.
Google noted in its bulletin that there are indications that those two flaws may be under limited, targeted exploitation, without sharing any more details.
CVE-2025-38352 is a Linux kernel flaw first disclosed on July 22, 2025, and fixed in kernel versions 6.12.35-1 and later. It had not previously been marked as actively exploited.
The flaw is a race condition in POSIX CPU timers that can disrupt task cleanup and destabilize the kernel, potentially leading to crashes, denial of service, and privilege escalation.
CVE-2025-48543 impacts the Android Runtime, where Java/Kotlin apps and system services execute. It potentially allows a malicious app to bypass sandbox restrictions and access higher-level system capabilities.
Apart from the two actively exploited flaws, Google's September 2025 update for Android also addresses four critical-severity problems.
The first is CVE-2025-48539, a remote code execution (RCE) problem in Android's System component.
It allows an attacker within physical or network proximity, such as Bluetooth or WiFi range, to execute arbitrary code on the device without any user interaction or privileges.
The other three critical flaws are CVE-2025-21450, CVE-2025-21483, and CVE-2025-27034, all of which impact Qualcomm's proprietary components.