What are the most critical vulnerabilities in the August 2025 Android Security Bulletin?

The most critical vulnerability is CVE-2025-21479 with a CVSS score of 8.6, classified as Critical by Google. It affects Qualcomm closed-source components and has been reported as exploited in the wild by Qualcomm. Another notable vulnerability is CVE-2025-27038 (CVSS 7.5) affecting Qualcomm Display components, also reported as exploited in the wild.

Are any of the August 2025 Android vulnerabilities currently under active exploitation?

Google reports that none of the vulnerabilities addressed in this month's security update are currently under active exploitation. However, two vulnerabilities (CVE-2025-21479 and CVE-2025-27038) were previously reported as exploited in the wild by Qualcomm.

Which Android versions are affected by the August 2025 security vulnerabilities?

The Android Framework vulnerabilities affect multiple Android versions: CVE-2025-22441 affects Android versions 13, 14, and 15, while CVE-2025-48533 affects Android versions 13, 14, 15, and 16. Other vulnerabilities affect specific hardware components from Qualcomm and Arm Mali.

Advisory

Google releases August 2025 Android Security Update, patches six vulnerabilities, two critical, two exploited

Q: What does Google's August 2025 Android Security Bulletin address?

Google's August 2025 Android Security Bulletin addresses six security vulnerabilities affecting Android devices. This is the lowest vulnerability count in months, following an unprecedented July 2025 bulletin that contained no security patches whatsoever.

Q: How do Android users receive these security updates?

The deployment of security updates varies significantly across different manufacturers, as third-party Android device makers release security patches according to their own schedules after customizing operating system updates for their specific hardware. Android users are encouraged to verify their device's security patch level and ensure they receive the latest updates.

published: Aug. 5, 2025

Take action: This patch has evolved from trivial to a very important one. There are two critical flaws patched and two actively exploited flaws patched in Qualcomm chips. So don't ignore this update, check with your phone vendor and update when there's an update. Depending on the vendor you might wait for some weeks/months before the update is released for your phone.

Learn More

Google has released its August 2025 Android Security Bulletin addressing only six security vulnerabilities affecting Android devices. This is the lowest vulnerability count in months. This update follows an unprecedented July 2025 bulletin that contained no security patches whatsoever.

Vulnerabilities summary

CVE-2025-48530 (CVSS score N/A, Google classified as Critical) - A remote code execution (RCE) vulnerability in the Android System.
CVE-2025-21479 (CVSS score 8.6, Google classified as Critical) - Critical-severity vulnerability affecting Qualcomm closed-source components - reported as exploited in the wild by Qualcomm
CVE-2025-0932 (CVSS score 7.8, Google classified as High ) - High-severity vulnerability affecting Arm Mali components
CVE-2025-27038 (CVSS score 7.5, Google classified as High ) - High-severity vulnerability in Qualcomm Display components - reported as exploited in the wild by Qualcomm
CVE-2025-22441 (CVSS score N/A, Google classified as High ) - High-severity elevation of privilege vulnerability in the Android Framework component, affecting Android versions 13, 14, and 15
CVE-2025-48533 (CVSS score N/A, Google classified as High ) - High-severity elevation of privilege vulnerability in the Android Framework component, affecting Android versions 13, 14, 15, and 16

Google reports that none of the vulnerabilities addressed in this month's security update are currently under active exploitation.

Google has committed to releasing source code patches for all six vulnerabilities to the Android Open Source Project (AOSP) repository within 48 hours of the bulletin publication.

The actual deployment to devices will vary significantly across different manufacturers, as third-party Android device makers release security patches according to their own schedules after customizing operating system updates for their specific hardware.

Android users are encouraged to verify their device's security patch level and ensure they receive the latest updates.

Google releases August 2025 Android Security Update, patches six vulnerabilities, two critical, two exploited

Read More
Microsoft December 2025 patch Tuesday fixes one actively …
Microsoft releases massive July patch addressing 142 flaws, …
Researchers report on "SinkClose" flaw in AMD CPUs …
TeamViewer reports two nearly critical flaws in Windows …
Microsoft Defender RedSun Zero-Day Exploit Grants SYSTEM Privileges