
As part of its monthly fixes for September 2025, Google has released a security update to address 120 security flaws in the Android operating system.
Two of the vulnerabilities are listed below:
CVE-2025-38352 (CVSS score: 7.4) – Privilege escalation flaw in the Linux kernel component
CVE-2025-48543 (CVSS score: N/A) – Privilege escalation flaw in the Android Runtime component
Google said both vulnerabilities could lead to local escalation of privileges without requiring additional execution privileges. It also noted that exploitation does not require user interaction.

The tech giant did not reveal how the issues were weaponized in actual attacks or whether they were used in tandem, but acknowledged that there were signs of “limited, targeted exploitation.”
Benoît Sevens of Google’s Threat Analysis Group (TAG) has been credited with discovering and reporting the defect in the upstream Linux kernel, indicating that it may have been abused as part of a targeted spyware attack.
Also patched by Google are several remote code execution, privilege escalation, information disclosure, and denial-of-service vulnerabilities affecting the Framework and System components.
Google has released two security patch levels, 2025-09-01 and 2025-09-05, giving Android partners the flexibility to more quickly address a subset of vulnerabilities that are similar across all Android devices.
“We recommend that Android partners fix all issues with this bulletin and use the latest security patch levels,” Google says.
Last month, Google released a security update to resolve two Qualcomm vulnerabilities: CVE-2025-21479 (CVSS score: 8.6) and CVE-2025-27038 (CVSS score: 7.5).