In its latest security bulletin for September 2025, Google has rolled out patches for 120 vulnerabilities within the Android operating system. Notably, this update addresses two zero-day vulnerabilities that have been actively exploited in targeted attacks.
Details of the Zero-Day Vulnerabilities:
1. CVE-2025-38352: This is a privilege escalation flaw located in the Linux Kernel component, carrying a CVSS score of 7.4.
2. CVE-2025-48543: Another privilege escalation issue, this time within the Android Runtime component.
Both vulnerabilities allow for local escalation of privileges without the need for additional execution permissions or user interaction. While Google has not disclosed specific details regarding the exploitation methods, the company has acknowledged evidence of limited, targeted exploitation.
Discovery and Reporting:
The Linux Kernel vulnerability (CVE-2025-38352) was identified and reported by BenoĆ®t Sevens from Google’s Threat Analysis Group (TAG). This suggests that the flaw may have been utilized in targeted spyware attacks.
Additional Vulnerabilities Addressed:
Beyond the two zero-days, the update also rectifies several other critical issues, including:
– Remote Code Execution Vulnerabilities: These flaws could allow attackers to execute arbitrary code remotely, potentially leading to unauthorized access or control over affected devices.
– Privilege Escalation Vulnerabilities: Such vulnerabilities enable attackers to gain elevated access rights, which could be exploited to perform unauthorized actions on the device.
– Information Disclosure Vulnerabilities: These issues could result in unauthorized access to sensitive information, posing significant privacy risks.
– Denial-of-Service Vulnerabilities: Exploitation of these flaws could lead to service disruptions, rendering devices temporarily unusable.
Patch Levels and Recommendations:
To facilitate timely and efficient deployment of these fixes, Google has released two security patch levels:
– 2025-09-01: This patch level addresses a subset of vulnerabilities that are common across all Android devices.
– 2025-09-05: This comprehensive patch level includes fixes for all identified vulnerabilities, including those specific to certain devices or components.
Google advises all Android partners to implement all patches from this bulletin and to adopt the latest security patch level to ensure optimal protection.
Context and Historical Perspective:
This update follows a series of proactive security measures by Google in recent months:
– August 2025: Google addressed two actively exploited vulnerabilities in Qualcomm components, identified as CVE-2025-21479 and CVE-2025-27038. These flaws were reported by Qualcomm and were under active exploitation in the wild.
– May 2025: The company released patches for 46 security flaws, including CVE-2025-27363, a high-severity vulnerability in the System component that had been exploited in real-world attacks.
– March 2025: Google’s security update fixed two actively exploited vulnerabilities, CVE-2024-43093 and CVE-2024-50302, both of which were privilege escalation flaws in the Framework and HID USB components, respectively.
These consistent updates underscore Google’s commitment to maintaining the security and integrity of the Android ecosystem.
User Guidance:
Android users are strongly encouraged to:
– Regularly Check for Updates: Ensure that your device is set to receive automatic updates or manually check for updates to apply the latest security patches promptly.
– Verify Patch Level: After updating, confirm that your device reflects the latest security patch level (2025-09-05) to ensure all vulnerabilities have been addressed.
– Stay Informed: Keep abreast of security bulletins and advisories from Google and other reputable sources to remain aware of potential threats and recommended actions.
Conclusion:
The September 2025 Android security update is a critical release that addresses a substantial number of vulnerabilities, including two zero-day flaws currently under active exploitation. By promptly applying these updates, users can significantly enhance the security of their devices, safeguarding personal data and maintaining device integrity.
