Google has released the August 2025 Android security update, addressing six security flaws, including two serious vulnerabilities in Qualcomm components that were actively exploited in targeted attacks.
The two key issues, tracked as CVE-2025-21479 and CVE-2025-27038, were first reported to Google’s Android Security team in January 2025.
- CVE-2025-21479 is a flaw in the Graphics Framework that could allow unauthorized commands to corrupt memory within the GPU micronode.
- CVE-2025-27038 is a use-after-free vulnerability in the Adreno GPU drivers, which can also lead to memory corruption, particularly when rendering graphics in Google Chrome.
Qualcomm had warned in June 2025 that these vulnerabilities, along with another one, were already being used in limited, targeted attacks, as reported by Google’s Threat Analysis Group. The company pushed out patches to hardware makers back in May, urging them to roll out fixes quickly.
The Cybersecurity and Infrastructure Security Agency (CISA) also flagged the two critical bugs in its list of actively exploited vulnerabilities on June 3, requiring federal agencies to secure affected systems by June 24.
Along with these, Google’s update also addresses a critical bug in the Android System component. This flaw can be exploited without any special permissions or user action, potentially allowing attackers to perform remote code execution when combined with other issues.
Google released two patch levels for this month:
If this article helped you, please consider supporting our work. Every small contribution keeps Abijita.com independent and running.
- 2025-08-01 includes basic security fixes.
- 2025-08-05 includes all previous fixes plus updates for closed-source components like third-party and kernel drivers.
These updates are already available for Google Pixel devices. However, other phone manufacturers may take more time to adapt and release the updates based on their hardware requirements.
