Google has released the September 2025 security update for Android devices, addressing a total of 84 vulnerabilities, including two actively exploited flaws.
The two flaws detected as exploited in zero-day attacks are CVE-2025-38352, an elevation of privilege in the Android kernel, and CVE-2025-48543, also an elevation of privilege problem, in the Android Runtime component.
Google noted in its bulletin that there are indications that they may be under limited, targeted exploitation, without sharing any other details.
CVE-2025-38352 is a Linux kernel flaw that was first disclosed on 22 July 2025 and was fixed in kernel versions 6.12.35–1 and later. It was not previously marked as actively exploited.
The flaw is a race condition in POSIX CPU timers that allows task cleanup disruption and kernel instability, possibly leading to crashes, denial of service, and privilege escalation.
CVE-2025-48543 affects the Android Runtime, where Java/Kotlin apps and system services are executed. It potentially allows a malicious app to bypass sandbox restrictions and reach higher-level system capabilities.
In addition to the two actively exploited flaws, Google's September 2025 updates for Android also addressed four important-severity problems.
The first is CVE-2025-48539, a remote code execution (RCE) problem in Android's System component.
This allows an attacker within physical or network proximity, such as Bluetooth or WiFi range, to execute arbitrary code on the device without any user interaction or privileges.
The other three important flaws are CVE-2025-21450, CVE-2025-21483, and CVE-2025-27034, all of which affect Qualcomm's proprietary components.
According to additional details provided by Qualcomm through its bulletin, CVE-2025-21483 is a memory corruption flaw in the data network stack that occurs when video (NALUs) is reassembled from RTP packets.
Attackers can send specially crafted network traffic that triggers out-of-bounds writes, which allows remote code execution without user interaction.
CVE-2025-27034 is an array index validation flaw in the multi-mode call processor during PLMN selection from the SOR failed list.
Malicious or malformed network responses can corrupt memory and enable code execution in the modem baseband.
Overall, this Android patch release includes fixes for 27 Qualcomm components, bringing the total number of fixed flaws to 111. However, these are not relevant to devices running on chips from other manufacturers.
For MediaTek-powered devices, details about the latest security fixes for the chips are available in the vendor's bulletin.
The latest Android security update covers vulnerabilities affecting Android 13 through 16, although not all flaws affect every version of the mobile OS.
The recommended action is to upgrade to security patch level 2025-09-01 or 2025-09-05 by navigating to Settings > System > Software updates > System update and clicking 'Check for update'.
Users running Android 12 and earlier should replace their devices with a newer model that is actively supported, or use a third-party Android distribution that incorporates the latest security updates.
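For administrators who track devices rather than tapping through Settings, the following added example (not part of the original article or Google's bulletin) classifies devices against the two patch levels and the Android 13 support floor named above. It assumes the input is `adb shell getprop` output containing the standard `ro.build.version.release` and `ro.build.version.security_patch` properties; the device names and property dumps are constructed sample data.

```python
import re
from datetime import date

# Patch levels and the supported-release floor come from the article text.
PATCH_LEVELS = (date(2025, 9, 1), date(2025, 9, 5))
MIN_SUPPORTED_RELEASE = 13

# getprop prints one property per line as: [key]: [value]
PROP_RE = re.compile(r"^\[(?P<key>[^\]]+)\]: \[(?P<value>[^\]]*)\]$")

def parse_getprop(text):
    """Parse `adb shell getprop` output into a dict, skipping malformed lines."""
    props = {}
    for line in text.splitlines():
        m = PROP_RE.match(line.strip())
        if m:
            props[m.group("key")] = m.group("value")
    return props

def classify(props):
    """Return the patch status for one device's properties."""
    release = props.get("ro.build.version.release", "")
    patch = props.get("ro.build.version.security_patch", "")
    try:
        major = int(release.split(".")[0])   # handles "16" and "8.1.0"
        level = date.fromisoformat(patch)    # patch levels are YYYY-MM-DD
    except ValueError:
        return "unknown"                     # missing or unparsable property
    if major < MIN_SUPPORTED_RELEASE:
        return "unsupported-release"         # Android 12 and earlier
    if level >= PATCH_LEVELS[1]:
        return "meets-2025-09-05"
    if level >= PATCH_LEVELS[0]:
        return "meets-2025-09-01"
    return "needs-update"

# Constructed sample dumps (hypothetical devices, not real inventory data).
SAMPLES = {
    "phone-a": "[ro.build.version.release]: [16]\n[ro.build.version.security_patch]: [2025-09-05]",
    "phone-b": "[ro.build.version.release]: [14]\n[ro.build.version.security_patch]: [2025-09-01]",
    "phone-c": "[ro.build.version.release]: [15]\n[ro.build.version.security_patch]: [2025-08-05]",
    "phone-d": "[ro.build.version.release]: [12]\n[ro.build.version.security_patch]: [2025-09-05]",
    "phone-e": "[ro.build.version.release]: [13]\ngarbage line without brackets",
}

def audit(samples):
    """Map each device name to its patch status."""
    return {name: classify(parse_getprop(text)) for name, text in samples.items()}

if __name__ == "__main__":
    for name, status in audit(SAMPLES).items():
        print(f"{name}: {status}")
```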
Samsung has also released its September maintenance update for its major devices, which includes fixes for flaws specific to its custom components, such as One UI.