Google this week rolled out fixes for a total of 111 unique CVEs as part of the September 2025 set of Android patches, including exploited zero-days.
The exploited vulnerabilities, both privilege escalation issues, impact the Android Runtime (CVE-2025-48543) and Linux kernel (CVE-2025-38352).
“There are indications that the following may be under limited, targeted exploitation: CVE-2025-38352, CVE-2025-48543,” Google’s advisory reads.
Fixes for the Linux kernel bug, a race condition related to the handling of POSIX CPU timers, were announced in July, and all major distributions appear to have been patched.
While there are no reports of the vulnerability’s exploitation prior to Google’s fresh warning, it was reported by Benoît Sevens of Google’s Threat Analysis Group (TAG), which suggests that it might have been exploited in spyware attacks.
Google’s advisory provides no details on the Android Runtime security defect, other than its impact on the Android Open Source Project (AOSP) 13, 14, 15, and 16 releases.
The Android Runtime zero-day has been resolved as part of the 2025-09-01 security patch level, which addresses 58 other bugs in Framework, System, and Widevine DRM.
The most severe of these, Google warns, is a critical-severity remote code execution defect in the System component (CVE-2025-48539) that can be exploited without additional privileges required.
Devices updated to the 2025-09-05 security patch level will also receive fixes for the Linux kernel bug, as well as for 51 other issues affecting the Linux kernel and Arm, Imagination Technologies, MediaTek, and Qualcomm components.
This month, Google rolled out a fresh round of Pixel security updates that resolve 23 vulnerabilities specific to these devices, as well as all the bugs identified in Android’s September 2025 security bulletin.
All the vulnerabilities described in the Android bulletin have been resolved with Wear OS, Pixel Watch, and Automotive OS updates as well. The Wear OS and Pixel Watch updates contain fixes for two and one additional security defects, respectively.
Users are advised to update their devices to a security patch level of 2025-09-05 as soon as it becomes available for them.
Related: In Other News: Iranian Ships Hacked, Verified Android Developers, AI Used in Attacks
Related: Anatsa Android Banking Trojan Now Targeting 830 Financial Apps
Related: Android’s August 2025 Update Patches Exploited Qualcomm Vulnerability
Related: Iranian APT Targets Android Users With New Variants of DCHSpy Spyware
