Google has shipped security updates to address 120 security flaws in its Android operating system as part of its monthly fixes for September 2025, including two issues that it said have been exploited in targeted attacks.
The vulnerabilities are listed below –
- CVE-2025-38352 (CVSS score: 7.4) – A privilege escalation flaw in the Linux Kernel component
- CVE-2025-48543 (CVSS score: N/A) – A privilege escalation flaw in the Android Runtime component
Google said both vulnerabilities could lead to local escalation of privilege with no additional execution privileges needed. It also noted that no user interaction is required for exploitation.
The tech giant did not reveal how the issues have been weaponized in real-world attacks, but acknowledged there are indications of “limited, targeted exploitation.”
Also patched by Google are several remote code execution, privilege escalation, information disclosure, and denial-of-service vulnerabilities impacting Framework and System components.
Google has released two security patch levels, 2025-09-01 and 2025-09-05, so as to give flexibility to Android partners to address a portion of vulnerabilities that are similar across all Android devices more quickly.
“Android partners are encouraged to fix all issues in this bulletin and use the latest security patch level,” Google said.
Last month, the tech giant Google released security updates to resolve two Qualcomm vulnerabilities — CVE-2025-21479 (CVSS score: 8.6) and CVE-2025-27038 (CVSS score: 7.5) — that were flagged by the chipmaker as actively exploited in the wild.
Source: thehackernews.com…
Leave a Reply