Google has issued security updates to fix several vulnerabilities in Android, including two Qualcomm flaws that have reportedly been actively exploited in the wild.
The affected vulnerabilities include CVE-2025-21479 (CVSS score: 8.6) and CVE-2025-27038 (CVSS score: 7.5), both of which were disclosed by Qualcomm in June 2025, along with CVE-2025-21480 (CVSS score: 8.6).
CVE-2025-21479 is an incorrect authorization issue in the Graphics component that may cause memory corruption due to unauthorized command execution in the GPU microcode. CVE-2025-27038 is a use-after-free vulnerability in the Graphics component that could result in memory corruption when rendering graphics using Adreno GPU drivers in Chrome.
Although the exact methods used to exploit these flaws in real-world attacks remain unclear, Qualcomm reported that Google's Threat Analysis Group observed signs suggesting CVE-2025-21479, CVE-2025-21480, and CVE-2025-27038 might be under limited, targeted exploitation.
Due to the history of similar vulnerabilities being used by commercial spyware vendors such as Variston and Cy4Gate, security experts believe these flaws may have been exploited in comparable scenarios. All three vulnerabilities have been added to the U.S. Cybersecurity and Infrastructure Security Agency's Known Exploited Vulnerabilities catalog, which requires federal agencies to apply the patches by June 24, 2025.
In addition, Google’s August 2025 security update addresses two high-severity privilege escalation bugs in the Android Framework (CVE-2025-22441 and CVE-2025-48533), as well as a critical vulnerability in the System component (CVE-2025-48530) that could allow remote code execution when chained with other flaws, even without extra privileges or user input.
Two patch levels have been released: 2025-08-01 and 2025-08-05. The latter includes fixes for closed-source and third-party components from Qualcomm and Arm. Android users are strongly encouraged to install these updates as soon as they are available to ensure continued protection from emerging threats.
Found this article interesting? Follow us on X(Twitter) ,Threads and FaceBook to read more exclusive content we post.
