Google Addresses Actively Exploited Android Vulnerabilities (CVE-2025-48543, CVE-2025-38352)

Google has addressed over 100 vulnerabilities in Android, including CVE-2025-48543 and CVE-2025-38352, which are reportedly under “limited, targeted exploitation.” Among the critical flaws fixed is CVE-2025-48539, a vulnerability in the System component that could enable remote code execution without requiring additional execution privileges or user interaction. CVE-2025-48543 impacts the Android Runtime, while CVE-2025-38352 involves a race condition in the Linux kernel. Both vulnerabilities allow for local privilege escalation without user interaction, raising concerns about their potential use in delivering mercenary spyware to high-risk individuals.

To mitigate these risks, all Android users are strongly advised to implement the available fixes promptly. Google has released security updates for its Pixel phones, addressing both Pixel-specific issues and those outlined in the September 2025 Android Security Bulletin. Samsung has also issued a maintenance release for major flagship models, rectifying both vulnerabilities along with several others identified by Google. Meanwhile, Motorola’s September 2025 security patch includes a fix for CVE-2025-48543 but does not address CVE-2025-38352. Users are encouraged to subscribe to breaking news alerts to stay informed about the latest cybersecurity threats and vulnerabilities. 

Categories: Android Vulnerabilities, Security Updates, Exploitation Risks 

Tags: Android, Vulnerabilities, CVE-2025-48543, CVE-2025-38352, Exploitation, Code Execution, Privilege Escalation, Security Updates, Google, Spyware