Urgent: Google Patches Actively Exploited Flaws in Android Devices
Google has released a series of urgent security updates for Android, addressing multiple critical vulnerabilities, including two actively exploited flaws within Qualcomm components. This round of patches places particular emphasis on CVE-2025-21479 (rated 8.6 on the CVSS scale) and CVE-2025-27038 (rated 7.5), both of which were disclosed by Qualcomm in June 2025. A third vulnerability, CVE-2025-21480, also carries a similarly high severity.
Among the most perilous is CVE-2025-21479, a flaw rooted in improper authorization within the graphics module. It enables an attacker to corrupt memory by sending unauthorized commands to be executed within the GPU’s microcode. CVE-2025-27038, meanwhile, is a use-after-free vulnerability in the same module, capable of triggering memory corruption during rendering processes via Adreno GPU drivers—commonly leveraged by browsers like Chrome on Android. CVE-2025-21480 presents a comparable risk.
While technical specifics regarding real-world exploitation remain undisclosed, Qualcomm has cited intelligence from Google’s Threat Analysis Group indicating that all three vulnerabilities may have been weaponized in targeted attacks with a narrow scope of victims. Historically, similar flaws in Qualcomm chipsets have been exploited by commercial surveillance frameworks such as Variston and Cy4Gate. Consequently, security experts suspect that these newly discovered vulnerabilities could have been employed in a similar fashion—for covert surveillance or unauthorized access.
All three issues have been added to the Known Exploited Vulnerabilities (KEV) catalog maintained by the U.S. Cybersecurity and Infrastructure Security Agency (CISA), a listing that requires all federal agencies to apply the relevant updates no later than June 24, 2025.
Beyond the Qualcomm-related flaws, Google’s August security bulletin addresses two additional high-severity vulnerabilities within the Android Framework—CVE-2025-22441 and CVE-2025-48533—both of which could facilitate privilege escalation. A critical vulnerability within the System component, CVE-2025-48530, was also resolved; it could allow remote code execution when combined with other flaws, without requiring elevated privileges or user interaction.
Google has issued two security patch levels, 2025-08-01 and 2025-08-05, to accommodate various devices. The latter not only includes standard patches but also remediates vulnerabilities in proprietary and third-party components provided by Arm and Qualcomm. All Android device owners are strongly advised to install the latest firmware updates promptly to mitigate the risk of exploitation. Delaying installation may leave devices exposed, giving attackers a critical window of opportunity to exploit these flaws before patches are fully deployed across the ecosystem.
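To check where a device or fleet stands against the two patch levels described above, the following is an added example (not code from Google or the original article). It classifies the value Android reports in the `ro.build.version.security_patch` property. The function names, status words and sample inventory are assumptions made for illustration, and it assumes patch levels are cumulative, so any later level also counts as patched.

```shell
#!/bin/sh
# Added example: classify Android security patch levels against the two
# August 2025 levels named in the article. Sample data is constructed.

BASE_LEVEL=20250801      # 2025-08-01: standard (Framework/System) patches
VENDOR_LEVEL=20250805    # 2025-08-05: adds Arm and Qualcomm component fixes

# classify_patch_level YYYY-MM-DD -> prints one status word
classify_patch_level() {
    case "$1" in
        [0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9]) ;;
        *) echo "invalid"; return 0 ;;
    esac
    n=$(printf '%s' "$1" | tr -d '-')      # 2025-08-05 -> 20250805
    if [ "$n" -lt "$BASE_LEVEL" ]; then
        echo "missing-all"                 # neither August level applied
    elif [ "$n" -lt "$VENDOR_LEVEL" ]; then
        echo "missing-vendor"              # lacks Arm/Qualcomm component fixes
    else
        echo "patched"
    fi
}

# audit_inventory: reads "<device-id> <patch-level>" lines on stdin and
# prints only the devices that still need an update.
audit_inventory() {
    while read -r id level; do
        [ -n "$id" ] || continue
        status=$(classify_patch_level "$level")
        [ "$status" = "patched" ] || echo "$id $status"
    done
}

# Read the level from a USB-attached device (requires adb; not called here).
device_patch_level() {
    adb shell getprop ro.build.version.security_patch | tr -d '\r'
}

# Constructed sample inventory (device ids are hypothetical).
SAMPLE_INVENTORY='lab-phone-01 2025-06-05
lab-phone-02 2025-08-01
lab-phone-03 2025-08-05
lab-phone-04 unknown'
```

Run `printf '%s\n' "$SAMPLE_INVENTORY" | audit_inventory` to list the devices that still need an update, or `classify_patch_level "$(device_patch_level)"` for a single attached device.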