Google has released its August 2025 Android security update, addressing several serious vulnerabilities — including two high-risk flaws in Qualcomm chips that are being actively exploited in the wild.
These critical bugs, tracked as CVE-2025-21479 (CVSS score: 8.6) and CVE-2025-27038 (CVSS score: 7.5), were originally disclosed by Qualcomm in June 2025. Another related vulnerability, CVE-2025-21480 (CVSS score: 8.6), was also shared in the same advisory. All three flaws affect the Graphics component used in Android devices powered by Qualcomm chipsets.
CVE-2025-21479 is described as an incorrect authorization vulnerability in the Graphics component. This flaw could lead to memory corruption due to unauthorized command execution in the GPU microcode. In simple terms, it allows attackers to send unauthorized commands to the graphics processor, potentially hijacking device operations.
CVE-2025-27038, on the other hand, is a use-after-free vulnerability, which happens when memory is accessed after it has been released. This flaw can also lead to memory corruption, especially when rendering graphics using Adreno GPU drivers in Google Chrome.
While Qualcomm did not release technical details on how these flaws are exploited, it acknowledged that Google’s Threat Analysis Group (TAG) believes these vulnerabilities are already being used in limited, targeted attacks in the real world. CVE-2025-21480, although not confirmed as exploited, is included in the same risk category due to its severity.
Although no specific threat actor has been linked to these attacks yet, experts warn that such bugs are often used by commercial spyware vendors. In the past, companies like Variston and Cy4Gate have exploited similar vulnerabilities in Qualcomm chipsets to surveil high-value targets like journalists, activists, or political figures.
This raises the possibility that these current flaws may also be part of sophisticated surveillance or cyber-espionage operations, especially given their limited and targeted exploitation pattern.
To underline the seriousness of the issue, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added all three vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog. This means federal agencies are required to patch these vulnerabilities by June 24, 2025, to prevent cyberattacks on government systems.
In addition to the Qualcomm-related flaws, Google’s August 2025 patch addresses several other critical vulnerabilities, including:
-
CVE-2025-22441 and CVE-2025-48533: Two high-severity privilege escalation flaws in the Android Framework. These bugs could allow a local app to gain higher system privileges, essentially bypassing Android’s permission model.
-
CVE-2025-48530: A critical remote code execution flaw in the System component. If chained with other issues, this bug could allow an attacker to remotely take control of a device without needing special permissions or user interaction.
These vulnerabilities, if exploited, could lead to full device compromise, making them particularly dangerous for Android users who haven’t installed the latest updates.
Google has released two patch levels for August 2025:
-
2025-08-01: Includes the essential fixes for vulnerabilities affecting core Android components.
-
2025-08-05: Includes all the fixes from the first patch level, plus additional security patches for closed-source components and third-party libraries from Qualcomm and Arm.
Depending on your device manufacturer, your Android phone may receive either of these patch levels. Regardless, it is highly recommended to install the update as soon as it becomes available, especially if your device uses Qualcomm chips.
Google’s own Pixel devices are usually the first to receive these updates, while phones from other brands like Samsung, OnePlus, Xiaomi, and others may take longer due to additional testing and customizations.
-
Check for software updates in your Android phone’s settings under “System” > “Software Update.”
-
Install the latest security patches immediately, especially if you use a Qualcomm-powered phone.
-
Avoid clicking on unknown links or installing apps from untrusted sources, as some of these vulnerabilities could be triggered by malicious applications or websites.
-
If your phone no longer receives updates, consider upgrading to a newer, supported device.
The August 2025 Android security update is a critical release, especially in light of the actively exploited Qualcomm vulnerabilities. These flaws highlight the continued interest of sophisticated attackers in exploiting mobile chipsets and GPU components — a trend that could grow in the coming years.
For organizations, particularly those handling sensitive data or government communications, staying updated is not optional. These vulnerabilities could easily be leveraged for espionage, surveillance, or cyberattacks.
By patching promptly and practicing good cybersecurity hygiene, both individuals and enterprises can reduce their risk of falling victim to these sophisticated attacks.
Interesting Article : Akira Ransomware Exploits SonicWall VPNs in Likely Zero-Day Attack
Pingback: ShinyHunters Target Google in Massive Salesforce CRM CyberAttack