
Google has released a security update to address multiple security flaws in Android, including fixes for two Qualcomm bugs that were flagged as actively exploited in the wild.
The vulnerabilities are CVE-2025-21479 (CVSS score: 8.6) and CVE-2025-27038 (CVSS score: 7.5). Both were disclosed alongside CVE-2025-21480 (CVSS score: 8.6).
CVE-2025-21479 is an incorrect authorization vulnerability in the Graphics component that could lead to memory corruption due to incorrect command execution in GPU microcode.
CVE-2025-27038, meanwhile, is a use-after-free vulnerability in the Graphics component that can lead to memory corruption while rendering graphics using Adreno GPU drivers in Chrome.
There are no further details yet about how these flaws have been weaponized in real-world attacks, but Qualcomm said, “There are signs of CVE-2025-21479, CVE-2025-21480, CVE-2025-27038 that may be limited, CVE-2025-21479, CVE-2025-21480.”
Given that similar flaws in Qualcomm chipsets have been exploited in the past by commercial spyware vendors such as Variston and Cy4Gate, it is suspected that the aforementioned flaws may have been abused in a similar context.

The three vulnerabilities have since been added by the U.S. Cybersecurity and Infrastructure Security Agency (CISA) to its Known Exploited Vulnerabilities (KEV) catalog, which requires federal agencies to apply the updates by June 24, 2025.
Google's August 2025 patch also resolves two high-severity privilege escalation flaws in the Android Framework (CVE-2025-22441 and CVE-2025-48533) and two high-severity bugs in the system components (CVE-2025-48530).
The tech giant has made two patch levels available, 2025-08-01 and 2025-08-05, with the latter also incorporating fixes for closed-source and third-party components from Arm and Qualcomm. Android device users are advised to apply the updates as they become available to stay protected from potential threats.
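
A fleet check built on the two patch levels above, as an added example that is not part of the original article. It assumes an inventory of `<device-id> <patch-level>` lines, where the level is the string Android reports in the `ro.build.version.security_patch` property; the device names and sample data are constructed.

```python
import re
from datetime import date

# Patch levels named in the article.
BASE_LEVEL = date(2025, 8, 1)  # 2025-08-01
FULL_LEVEL = date(2025, 8, 5)  # 2025-08-05: also carries the Arm and Qualcomm component fixes

_LEVEL_RE = re.compile(r"^(\d{4})-(\d{2})-(\d{2})$")


def parse_level(value):
    """Return a date for a YYYY-MM-DD patch level string, or None if malformed."""
    match = _LEVEL_RE.match(value.strip())
    if not match:
        return None
    try:
        return date(*map(int, match.groups()))
    except ValueError:  # e.g. month 13
        return None


def classify(value):
    """Map a reported patch level to full / partial / outdated / unknown."""
    level = parse_level(value)
    if level is None:
        return "unknown"  # treat unreadable values as needing follow-up
    if level >= FULL_LEVEL:
        return "full"
    if level >= BASE_LEVEL:
        return "partial"  # missing the vendor component fixes in 2025-08-05
    return "outdated"


def audit(inventory_text):
    """Group device ids by patch status; '#' lines and blank lines are skipped."""
    report = {"full": [], "partial": [], "outdated": [], "unknown": []}
    for line in inventory_text.splitlines():
        parts = line.split(None, 1)
        if not parts or parts[0].startswith("#"):
            continue
        level = parts[1] if len(parts) > 1 else ""
        report[classify(level)].append(parts[0])
    return report


# Constructed sample inventory (hypothetical device names).
SAMPLE = """# device-id patch-level
pixel-lab-01 2025-08-05
tablet-07 2025-08-01
phone-112 2025-06-05
kiosk-3 2025-13-40
scanner-9
"""

if __name__ == "__main__":
    for status, devices in audit(SAMPLE).items():
        print(f"{status:9s} {', '.join(devices) or '-'}")
```

Devices in the `partial`, `outdated` and `unknown` groups are the ones to follow up on.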