
Android Security Update: Critical Patch for Actively Exploited 0-Day Vulnerabilities

In response to the discovery of actively exploited 0-day vulnerabilities, Google has released its September 2025 Android Security Bulletin, implementing patch level 2025-09-05 to protect millions of devices. The bulletin highlights critical issues within both System and Kernel components, stressing the urgency of immediate updates to mitigate risks associated with remote code execution. Key fixes include CVE-2025-38352, a zero-interaction Remote Code Execution (RCE) vulnerability in the Android System component, and CVE-2025-48543, a High-severity Elevation of Privilege (EoP) flaw in the Android Kernel. The RCE vulnerability allows attackers to execute code without user interaction, while the EoP flaw could enable local code to gain root-level permissions, bypassing essential security measures.

Users are strongly advised to ensure their devices are updated to at least patch level 2025-09-05 and to apply updates immediately. Google has notified Android partners in advance, allowing Original Equipment Manufacturers (OEMs) to integrate necessary kernel patches into upcoming device updates. Source code patches for CVE-2025-38352 are now available in the Android Open Source Project (AOSP) repository, with direct links expected within 48 hours. This coordinated effort underscores Google’s commitment to proactive vulnerability management and rapid response to emerging threats, emphasising the importance of maintaining the integrity of Android’s security posture. 
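To check the advice above across test or fleet devices, the following added example (not taken from the bulletin or the original post) reads each attached device's reported patch level over `adb` and compares it with 2025-09-05. The function names `classify_patch` and `audit_devices` are hypothetical, and the script assumes `adb` is on the PATH with the devices already authorized for debugging.

```shell
#!/bin/sh
# Minimum security patch level named in the bulletin summary above.
REQUIRED_PATCH="2025-09-05"

# classify_patch LEVEL [REQUIRED]
# Prints "ok", "outdated" or "invalid"; returns 0 only for "ok".
classify_patch() {
    cp_level=$(printf '%s' "$1" | tr -d '\r')   # adb output may end in a CR
    cp_required=${2:-$REQUIRED_PATCH}
    case "$cp_level" in
        [0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9]) ;;
        *) echo invalid; return 2 ;;            # empty or malformed property
    esac
    # YYYY-MM-DD becomes an integer (YYYYMMDD) that orders by date.
    cp_have=$(printf '%s' "$cp_level" | tr -d '-')
    cp_need=$(printf '%s' "$cp_required" | tr -d '-')
    if [ "$cp_have" -ge "$cp_need" ]; then
        echo ok
        return 0
    fi
    echo outdated
    return 1
}

# audit_devices: one tab-separated line per attached device:
# serial, reported patch level, verdict.
audit_devices() {
    adb devices | awk 'NR > 1 && $2 == "device" { print $1 }' |
    while read -r serial; do
        # </dev/null keeps "adb shell" from swallowing the serial list on stdin.
        reported=$(adb -s "$serial" shell getprop ro.build.version.security_patch \
            </dev/null | tr -d '\r')
        printf '%s\t%s\t%s\n' "$serial" "${reported:-unknown}" \
            "$(classify_patch "$reported")"
    done
}

# Run the audit only when asked, so the functions can be sourced elsewhere.
if [ "${1:-}" = "--audit" ]; then
    audit_devices
fi
```

A device that reports an earlier date, or no parsable value at all, should be treated as unpatched until the vendor update is installed.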
