Latest Cyber Security News

You are here: Home / General Cyber Security News / Google Fixes Actively Exploited Android System Flaw in May 2025 Security Update
May 6, 2025

Google has released its monthly security updates for Android with fixes for 46 security flaws, including one vulnerability that it said has been exploited in the wild.

The vulnerability in question is CVE-2025-27363 (CVSS score: 8.1), a high-severity flaw in the System component that could lead to local code execution without requiring any additional execution privileges.

“The most severe of these issues is a high security vulnerability in the System component that could lead to local code execution with no additional execution privileges needed,” Google said in a Monday advisory. “User interaction is not needed for exploitation.”

✔ Approved Seller From Our Partners
Mullvad VPN Discount

Protect your privacy by Mullvad VPN. Mullvad VPN is one of the famous brands in the security and privacy world. With Mullvad VPN you will not even be asked for your email address. No log policy, no data from you will be saved. Get your license key now from the official distributor of Mullvad with discount: SerialCart® (Limited Offer).

➤ Get Mullvad VPN with 12% Discount


It’s worth noting that CVE-2025-27363 is rooted in the FreeType open-source font rendering library. It was first disclosed by Facebook in March 2025 as having been exploited in the wild.

Cybersecurity

The shortcoming has been described as an out-of-bounds write flaw that could result in code execution when parsing TrueType GX and variable font files. The issue has been remediated in FreeType versions higher than 2.13.0.

“There are indications that CVE-2025-27363 may be under limited, targeted exploitation,” Google acknowledged in its security bulletin. The exact specifics of the attacks are presently unknown.

Google’s May update also resolves eight other flaws in the Android System and 15 flaws in the Framework module that could be abused to facilitate privilege escalation, information disclosure and denial-of-service.

“Exploitation for many issues on Android is made more difficult by enhancements in newer versions of the Android platform,” the company said. “We encourage all users to update to the latest version of Android where possible.”

Found this article interesting? Follow us on Twitter  and LinkedIn to read more exclusive content we post.


Some parts of this article are sourced from:
thehackernews.com

Reader Interactions

Leave a Reply

Your email address will not be published. Required fields are marked *