Google’s latest updates for the Android operating system patch more than 30 vulnerabilities, all classified as ‘high severity’.
The June 2025 Android security bulletin reveals that the most serious flaw, according to Google, is CVE-2025-26443, a local privilege escalation issue in the System component. Exploitation does not require additional privileges, but user interaction is needed.
Vulnerabilities that can lead to DoS attacks, privilege escalation, or information disclosure have been patched in Android’s Framework, System, and Runtime components, as well as in third-party components from Arm and Imagination Technologies.
The latest Android updates also address several high-severity vulnerabilities discovered in Qualcomm components.
However, the list of Qualcomm component CVEs does not include CVE-2025-21479, CVE-2025-21480 and CVE-2025-27038, which Qualcomm disclosed on Monday, warning customers about their malicious exploitation.
The three zero-day vulnerabilities were observed in targeted attacks by Google’s own Threat Analysis Group, but apparently the patches have yet to make it to the Android OS.
In the past, some of the Qualcomm chipset vulnerabilities discovered by Google researchers had been leveraged in spyware campaigns.
The latest Android updates will be pushed out by smartphone makers such as LGE, Motorola and Samsung to their own users. However, to date only Motorola has published an advisory for the latest vulnerabilities. Google has yet to publish its monthly advisory for Pixel phones.
Related: Google Ships Android ‘Advanced Protection’ Mode to Thwart Surveillance Spyware
Related: Android Update Patches FreeType Vulnerability Exploited as Zero-Day
Related: Android Update Patches Two Exploited Vulnerabilities
