Google has issued its September 2025 Android Security Bulletin, a critical update that addresses multiple vulnerabilities across the platform. Most importantly, the bulletin confirms that two zero-day flaws are being actively exploited in the wild, highlighting the urgent need for users to apply the latest patches.
Devices running patch level 2025-09-05 or later are protected against these threats. As always, Google has coordinated with Android partners to ensure timely disclosure and mitigation across the ecosystem.
Zero-Day Flaws Under Active Attack

CVE-2025-38352 – Kernel Elevation of Privilege
- Component: Linux Kernel (CPU timers subsystem)
- Impact: Exploitable race condition allowing attackers to escalate privileges and potentially destabilize the device.
- Severity: High
- Notes: This flaw originates upstream in the Linux kernel. Though it was patched earlier in kernel releases, exploitation attempts against Android systems have only recently been confirmed.
CVE-2025-48543 – Android Runtime Elevation of Privilege
- Component: Android Runtime (ART)
- Impact: A malicious application could escape its sandbox and execute with elevated privileges.
- Severity: High
- Affected Versions: Android 13, 14, 15, and 16
- Notes: Evidence shows targeted exploitation in the wild, though attack methods remain undisclosed.
Both flaws are considered dangerous because they require no additional execution rights or user interaction, making them ideal for stealthy exploitation.
Summary Table
Category | Details |
---|---|
Patch Levels | 2025-09-01 (partial) and 2025-09-05 (complete) |
Zero-Days Patched | CVE-2025-38352 (Kernel), CVE-2025-48543 (Android Runtime) |
Severity | High (Elevation of Privilege) |
Total Vulnerabilities | 84-120 |
Affected Android Versions | Android 13, 14, 15, 16 |
Source Code Release | Patches pushed to AOSP within 48 hours |
Official Bulletin | |
Broader Patch Coverage
Beyond the zero-days, the September update resolves a wide range of other security problems. Key points include:
- Total vulnerabilities patched: Around 84-120 depending on device configuration.
- Additional components affected: Android Framework, System, and third-party hardware elements.
- Patch levels released:
  - 2025-09-01: Covers a subset of vulnerabilities, primarily framework and system.
  - 2025-09-05: Includes all fixes plus kernel and vendor-specific patches.
- Source code release: Fixes will be published to the Android Open Source Project (AOSP) within 48 hours of bulletin publication.
- Partner notifications: Manufacturers were alerted at least one month prior to public disclosure, consistent with Google’s responsible vulnerability handling policies.
Why This Update Matters
Android remains the most widely used mobile operating system, which makes it a frequent target for sophisticated attackers. Elevation-of-privilege exploits are especially valuable because they allow adversaries to bypass sandbox protections and gain deeper access to the system.
The fact that both CVEs are being actively exploited demonstrates a coordinated effort by attackers. Left unpatched, devices could be exposed to surveillance, data theft, or malware installation without the user’s awareness.
What Users Should Do
- Verify Security Patch Level
  - Go to Settings > About Phone > Android Version > Android Security Update.
  - Ensure the date is September 5, 2025 or later.
- Update Immediately
  - Install available updates as soon as possible. Pixel users typically receive them first, while other OEM devices may follow on staggered timelines.
- Upgrade to the Latest Android Version
  - Newer Android versions include improved mitigations like memory safety and runtime hardening that make exploitation more difficult.
- Keep Play Protect Enabled
  - Google Play Protect provides ongoing monitoring against malicious applications and should remain active.
- Avoid Delays from OEM Rollouts
  - If your device is not receiving updates promptly, consider switching to a manufacturer with better update support, or use Google’s Pixel line for immediate coverage.
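For administrators checking many devices rather than one, the patch-level check above can be run over an inventory. This is an added example, not code from Google or the bulletin; it goes beyond the single-device check and assumes each device's values were collected beforehand (for instance with `adb shell getprop ro.build.version.security_patch` and `ro.build.version.release`) into `serial,release,security_patch` lines. The serials and sample values are constructed.

```python
from datetime import date

# Thresholds from the bulletin summary on this page.
PARTIAL_LEVEL = date(2025, 9, 1)    # subset: primarily framework and system
COMPLETE_LEVEL = date(2025, 9, 5)   # all fixes plus kernel and vendor patches
LISTED_RELEASES = {"13", "14", "15", "16"}  # versions the page lists as affected

def classify(security_patch: str) -> str:
    """Map a ro.build.version.security_patch value to a patch status."""
    try:
        level = date.fromisoformat(security_patch.strip())
    except ValueError:
        return "unknown"      # empty or malformed value: check the device by hand
    if level >= COMPLETE_LEVEL:
        return "complete"
    if level >= PARTIAL_LEVEL:
        return "partial"      # kernel and vendor fixes are not included
    return "outdated"

def audit(inventory: str) -> list:
    """Parse 'serial,release,security_patch' lines into one finding per device."""
    findings = []
    for line in inventory.strip().splitlines():
        fields = [f.strip() for f in line.split(",")]
        if len(fields) != 3:
            continue          # skip lines that are not inventory records
        serial, release, patch = fields
        status = classify(patch)
        findings.append({
            "serial": serial,
            "status": status,
            "listed_release": release.split(".")[0] in LISTED_RELEASES,
            "needs_action": status != "complete",
        })
    return findings

# Constructed sample inventory (serials and values are made up for illustration).
SAMPLE = """\
PIXEL-0001,16,2025-09-05
OEM-A-0002,14,2025-09-01
OEM-B-0003,13,2025-06-05
OEM-C-0004,15,2025-10-01
OEM-D-0005,15,
OEM-E-0006,12,2024-03-05
"""

if __name__ == "__main__":
    for f in audit(SAMPLE):
        flag = "ACTION" if f["needs_action"] else "ok"
        print(f'{f["serial"]:<12} {f["status"]:<9} listed={f["listed_release"]} {flag}')
```

A device reporting 2025-09-01 is flagged for action because that level omits the kernel and vendor fixes that 2025-09-05 adds.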
Frequently Asked Questions
Q1: Which devices are most at risk?
A. All devices running Android 13 through 16 are potentially vulnerable, especially those without the September 2025 patch.
Q2: Why are there two patch levels this month?
A. Google issues dual patch levels (-09-01 and -09-05) so manufacturers can implement fixes at different stages. The later level always includes all previous patches.
Q3: What happens if I don’t update?
A. Devices without the patch may remain exposed to active exploits, potentially allowing attackers to steal data or install malware silently.
Q4: How does Google protect users beyond patches?
A. In addition to monthly updates, Google provides Play Protect scanning, runtime mitigations, and real-time monitoring through its Threat Analysis Group.
Q5: How soon will the fixes appear in AOSP?
A. Google has confirmed that the source patches will be published within 48 hours of the bulletin release.
Conclusion
The September 2025 Android Security Bulletin underscores the continuing arms race between attackers and defenders in mobile security. By addressing two actively exploited zero-day vulnerabilities alongside dozens of other issues, Google highlights the importance of fast patch adoption.