Google has released security updates to address multiple security flaws in Android, including fixes for two Qualcomm bugs that were flagged as actively exploited in the wild.
The vulnerabilities include CVE-2025-21479 (CVSS score: 8.6) and CVE-2025-27038 (CVSS score: 7.5), both of which were disclosed alongside CVE-2025-21480 (CVSS score: 8.6), by the chipmaker back in June 2025.
CVE-2025-21479 relates to an incorrect authorization vulnerability in the Graphics component that could lead to memory corruption due to unauthorized command execution in GPU microcode.
CVE-2025-27038, on the other hand, use-after-free vulnerability in the Graphics component that could result in memory corruption while rendering graphics using Adreno GPU drivers in Chrome.
There are still no details on how these shortcomings have been weaponized in real-world attacks, but Qualcomm noted at the time that “there are indications from Google Threat Analysis Group that CVE-2025-21479, CVE-2025-21480, CVE-2025-27038 may be under limited, targeted exploitation.”
Given that similar flaws in Qualcomm chipsets have been exploited by commercial spyware vendors like Variston and Cy4Gate in the past, it’s suspected that the aforementioned shortcomings may also have been abused in a similar context.
The three vulnerabilities have since been added to the U.S. Cybersecurity and Infrastructure Security Agency’s (CISA) Known Exploited Vulnerabilities (KEV) catalog, requiring federal agencies to apply the updates by June 24, 2025.
Google’s August 2025 patch also resolves two high-severity privilege escalation flaws in Android Framework (CVE-2025-22441 and CVE-2025-48533) and a critical bug in the System component (CVE-2025-48530) that could result in remote code execution when combined with other flaws without requiring any additional privileges or user interaction.
The tech giant has made available two patch levels, 2025-08-01 and 2025-08-05, with the latter also incorporating fixes for closed-source and third-party components from Arm and Qualcomm. Android device users are advised to apply the updates as and when they become available to stay protected against potential threats.
