Google Fixes Two Actively Exploited Qualcomm Vulnerabilities


288/68 Friday, August 8, 2025

Google has released the August 2025 Android security update, addressing multiple vulnerabilities — including two severe flaws in Qualcomm chipsets that have reportedly been exploited in the wild. Notably, the update patches CVE-2025-21479 (CVSS score 8.6) and CVE-2025-27038 (CVSS score 7.5), both of which impact Adreno GPU drivers used in numerous Android devices.

According to Google’s Threat Analysis Group, these vulnerabilities were exploited in limited, targeted attacks. Qualcomm had issued patches to OEMs (Original Equipment Manufacturers) as early as May, urging immediate deployment. CVE-2025-21479 and the related CVE-2025-21480 involve incorrect authorization issues that can lead to memory corruption during the execution of GPU micronode commands. Meanwhile, CVE-2025-27038 is a use-after-free vulnerability that occurs when rendering graphics via the Adreno driver in Chrome.

Additionally, the update includes a patch for CVE-2025-48530, a critical vulnerability in the System component, which could allow for remote code execution without user interaction.

Google has provided the patches in two security patch levels: 2025-08-01 and 2025-08-05. The latter includes updates from both Arm and Qualcomm. Users are strongly advised to update their Android devices immediately to mitigate the risk of exploitation.
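To check a fleet against these two patch levels, the sketch below (an added example, not part of the original advisory) classifies the value reported by the real Android property `ro.build.version.security_patch`. It assumes, based on the statement above, that only level 2025-08-05 or later attests the Qualcomm fixes. The device names and the inventory are constructed.

```shell
#!/bin/sh
# Patch levels named in the article for the August 2025 Android update.
BASE_LEVEL="2025-08-01"
FULL_LEVEL="2025-08-05"   # level the article says carries the Arm and Qualcomm updates

# classify_patch_level LEVEL -> prints: invalid | outdated | partial | patched
classify_patch_level() {
    # adb output can end with a carriage return; strip CR and whitespace first.
    level=$(printf '%s' "$1" | tr -d '\r \t')
    case "$level" in
        [0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9]) ;;
        *) echo invalid; return 0 ;;
    esac
    # ISO dates compare correctly as integers once the dashes are removed.
    n=$(printf '%s' "$level" | sed 's/-//g')
    base=$(printf '%s' "$BASE_LEVEL" | sed 's/-//g')
    full=$(printf '%s' "$FULL_LEVEL" | sed 's/-//g')
    if [ "$n" -ge "$full" ]; then echo patched
    elif [ "$n" -ge "$base" ]; then echo partial   # August level, but not the 08-05 one
    else echo outdated
    fi
}

# audit_inventory: reads "device,patch_level" lines on stdin and prints
# "device status" for every device that is not at FULL_LEVEL or later.
audit_inventory() {
    while IFS=, read -r device level; do
        [ -n "$device" ] || continue
        status=$(classify_patch_level "$level")
        [ "$status" = patched ] || echo "$device $status"
    done
}

# Constructed sample inventory (hypothetical device names), as might be collected with:
#   adb -s SERIAL shell getprop ro.build.version.security_patch
SAMPLE_INVENTORY='pixel-lab-01,2025-08-05
tablet-kiosk-07,2025-08-01
handset-field-12,2025-05-05
handset-field-13,unknown'

printf '%s\n' "$SAMPLE_INVENTORY" | audit_inventory
```

A `partial` result means the device declares the 2025-08-01 level only, so its patch level string does not attest the Qualcomm GPU driver fixes; `invalid` entries need manual follow-up.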

Source: https://securityaffairs.com/180847/security/google-fixed-two-qualcomm-bugs-that-were-actively-exploited-in-the-wild.html