Google published the September 2025 security update for Android devices, addressing a total of 84 vulnerabilities, including two actively exploited flaws.
The two flaws detected as exploited in zero-day attacks are CVE-2025-38352, an elevation of privilege in the Android kernel, and CVE-2025-48543, also an elevation of privilege issue, in the Android Runtime component.
Google noted in its bulletin that there are indications these two flaws may be under limited, targeted exploitation, without sharing more details.
CVE-2025-38352 is a Linux kernel flaw first disclosed on July 22, 2025, and fixed in kernel versions 6.12.35-1 and later. It was not previously marked as actively exploited.
The flaw is a race condition in POSIX CPU timers that disrupts task cleanup and destabilizes the kernel, potentially leading to crashes, denial of service, and privilege escalation.
CVE-2025-48543 impacts the Android Runtime, where Java/Kotlin apps and system services run. It potentially allows a malicious app to bypass sandbox restrictions and access higher-level system capabilities.
In addition to the two actively exploited flaws, Google's September 2025 update for Android also fixes four critical-severity issues.
The first is CVE-2025-48539, a remote code execution (RCE) issue in the Android System component.
It allows an attacker in physical or network proximity, such as within Bluetooth or WiFi range, to execute arbitrary code on the device without any user interaction or privileges.
The other three critical flaws are CVE-2025-21450, CVE-2025-21483, and CVE-2025-27034, which all impact Qualcomm's proprietary components.
According to additional details provided by Qualcomm in its bulletin, CVE-2025-21483 is a memory corruption flaw in the data network stack that occurs when reassembling video (NALUs) from RTP packets.
Attackers can send specially crafted network traffic that triggers an out-of-bounds condition, allowing remote code execution without user interaction.
CVE-2025-27034 is an array index validation bug in the multi-mode call processor during PLMN selection from the SOR failure list.
Malicious or malformed network responses can corrupt memory and enable code execution in the modem baseband.
In total, this Android patch release incorporates fixes for 27 Qualcomm components, bringing the total number of fixed flaws to 111. However, these are not relevant for devices running on chips from other manufacturers.
For MediaTek-powered devices, details on the latest security fixes are available in the chip vendor's bulletin.
This latest Android security update covers vulnerabilities impacting Android 13 through 16, although not all flaws affect every version of the mobile operating system.
The recommended action is to move to security patch level 2025-09-01 or 2025-09-05 by navigating to Settings > System > Software updates > System update and clicking Update.
Users running Android 12 and earlier should replace their device with a newer model that is actively supported, or use a third-party Android distribution that incorporates the latest security updates.
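For anyone checking more than one device, the patch-level guidance above can be turned into a small audit. The script below is an added example, not part of the original article or of Google's bulletin: it classifies devices from the values of the `ro.build.version.release` and `ro.build.version.security_patch` properties. The status labels, function names and inventory lines are constructed for illustration, and it assumes a later patch level includes the fixes of earlier ones.

```shell
#!/bin/sh
# Added example: classify devices against the September 2025 patch levels.
# Inputs are the values of two Android system properties, e.g. collected with
#   adb shell getprop ro.build.version.release
#   adb shell getprop ro.build.version.security_patch

classify_device() {
    cd_release=$1
    cd_patch=$2
    # Accept only a plain YYYY-MM-DD patch level; anything else is unknown.
    case $cd_patch in
        [0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9]) ;;
        *) echo unknown; return 0 ;;
    esac
    # Keep the leading digits of the release ("8.1.0" -> 8, "12L" -> 12).
    cd_major=${cd_release%%[!0-9]*}
    if [ -z "$cd_major" ]; then echo unknown; return 0; fi
    # The update covers Android 13 to 16; older releases get no fix.
    if [ "$cd_major" -lt 13 ]; then echo unsupported; return 0; fi
    # ISO dates order correctly as integers once the dashes are removed.
    # Assumption: a later patch level includes the fixes of earlier ones.
    cd_level=$(printf '%s' "$cd_patch" | tr -d '-')
    if [ "$cd_level" -ge 20250905 ]; then echo patched-2025-09-05
    elif [ "$cd_level" -ge 20250901 ]; then echo patched-2025-09-01
    else echo outdated
    fi
}

# Read "serial release patch" lines on stdin, print "serial<TAB>status".
audit_inventory() {
    while read -r ai_serial ai_release ai_patch; do
        case $ai_serial in ''|'#'*) continue ;; esac
        printf '%s\t%s\n' "$ai_serial" "$(classify_device "$ai_release" "$ai_patch")"
    done
}

# Constructed sample inventory; serials are made up.
sample_inventory() {
    cat <<'EOF'
# serial release security_patch
EXAMPLE0001 16 2025-09-05
EXAMPLE0002 14 2025-09-01
EXAMPLE0003 13 2025-08-05
EXAMPLE0004 12 2025-09-01
EXAMPLE0005 15 unknown
EOF
}

sample_inventory | audit_inventory
```
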
Samsung also published its September maintenance update for its flagship devices, including fixes for flaws specific to its custom components, such as its user interface.