Google has rolled out security updates for September 2025, addressing more than 120 vulnerabilities in its Android operating system. Among these, at least two flaws have been exploited in targeted attacks, underscoring the ongoing risks posed by mobile spyware and advanced threat actors.
Key Vulnerabilities Patched
The September 2025 updates include:
- CVE-2025-38352 (CVSS 7.4) – A privilege escalation flaw in the Linux Kernel component.
- CVE-2025-48543 (CVSS pending) – A privilege escalation flaw in the Android Runtime component.
Both bugs allow local escalation of privilege without additional execution privileges or user interaction. Google confirmed "limited, targeted exploitation," though it withheld details on how the flaws were weaponized.
According to Google’s Threat Analysis Group (TAG), researcher Benoît Sevens reported the Linux Kernel flaw, hinting at its possible use in targeted spyware campaigns.
In addition, the September patches include fixes for vulnerabilities across Android Framework and System components, addressing issues like remote code execution (RCE), information disclosure, and denial-of-service (DoS).
Google has released two patch levels, 2025-09-01 and 2025-09-05, giving Android partners flexibility to roll out fixes incrementally while urging them to patch all listed vulnerabilities.
Qualcomm Vulnerabilities Under Active Exploitation
This follows Google’s August 2025 update, which fixed critical flaws in Qualcomm components, including:
- CVE-2025-21479 (CVSS 8.6) – Incorrect authorization in the Graphics component, leading to GPU memory corruption.
- CVE-2025-27038 (CVSS 7.5) – A use-after-free vulnerability in Adreno GPU drivers that could trigger memory corruption.
- CVE-2025-21480 (CVSS 8.6) – Related Graphics vulnerability disclosed by Qualcomm in June 2025.
These vulnerabilities were flagged as actively exploited in the wild by both Qualcomm and Google TAG. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) subsequently added them to its Known Exploited Vulnerabilities (KEV) catalog, requiring federal agencies to patch them by June 24, 2025.
Given past exploitation of Qualcomm chip flaws by commercial spyware vendors like Variston and Cy4Gate, security researchers suspect similar abuse may already be occurring with these latest issues.
What Organizations and Users Should Do
With Android powering billions of devices worldwide, these recurring vulnerabilities highlight the need for proactive cybersecurity. Organizations and individuals should:
- Apply Security Updates Promptly – Install the latest Android patch levels (2025-09-01 / 2025-09-05) as soon as available.
- Conduct Regular Vulnerability Assessments – Ensure that devices, especially those handling sensitive data, are reviewed for unpatched flaws.
- Leverage Managed Security Services – Continuous monitoring can help detect signs of spyware or privilege escalation attempts.
- Educate Employees & Users – Training through platforms like our Cyber Protection Academy helps individuals recognize early warning signs of mobile threats.
- Adopt Compliance & Regulatory Best Practices – Aligning with frameworks like NIST CSF, GDPR, and NDPR ensures resilience against emerging threats.
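To make the first recommendation checkable across a fleet, the following added example (not from Google or from the original article) triages devices by the patch level string Android reports in the ro.build.version.security_patch property. The inventory format, device IDs and status names are assumptions made for illustration, and the code assumes a later patch-level date includes the fixes of earlier levels.

```python
import re
from datetime import date

# Patch levels named in the article. Assumption: a later patch-level date
# is treated as including the fixes of every earlier level.
PARTIAL_LEVEL = date(2025, 9, 1)
FULL_LEVEL = date(2025, 9, 5)
_PATCH_RE = re.compile(r"^(\d{4})-(\d{2})-(\d{2})$")

def parse_patch_level(value):
    """Return a date for a YYYY-MM-DD string, or None if malformed."""
    m = _PATCH_RE.match(value.strip())
    try:
        return date(*map(int, m.groups())) if m else None
    except ValueError:  # well-formed but impossible, e.g. 2025-13-40
        return None

def classify(value):
    """Map a reported patch level to full / partial / missing / unknown."""
    level = parse_patch_level(value)
    if level is None:
        return "unknown"  # treat as unpatched until verified
    if level >= FULL_LEVEL:
        return "full"
    return "partial" if level >= PARTIAL_LEVEL else "missing"

def triage(inventory_text):
    """Group device IDs by status from 'device_id,patch_level' lines."""
    report = {"full": [], "partial": [], "missing": [], "unknown": []}
    for line in inventory_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        device_id, _, patch = line.partition(",")
        report[classify(patch)].append(device_id.strip())
    return report

# Constructed sample inventory with hypothetical device IDs.
SAMPLE_INVENTORY = """\
# device_id,security_patch
pixel-finance-01,2025-09-05
tablet-kiosk-07,2025-09-01
phone-sales-12,2025-08-05
scanner-wh-22,
phone-byod-44,2025-13-40
"""

if __name__ == "__main__":
    for status, devices in triage(SAMPLE_INVENTORY).items():
        print(f"{status:8} {', '.join(devices) or '-'}")
```

Devices in the "partial" group have only the 2025-09-01 level applied, and "unknown" entries should be followed up on rather than assumed patched.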
At CyberTech Nexus, we support businesses and individuals through a full suite of services, from Incident Response & Recovery to Penetration Testing, Personal Data Security, and Cybersecurity Recruitment Services. As mobile threats grow more sophisticated, safeguarding digital environments requires both timely patching and strategic security planning.
Conclusion
The September 2025 Android update demonstrates that zero-day and n-day exploits remain a powerful tool in the hands of attackers. With spyware operators actively leveraging privilege escalation and graphics vulnerabilities, organizations must act swiftly to patch systems and reinforce mobile defenses.
References
- Google. Android Security Bulletin – September 2025.
- Google TAG (Benoît Sevens). Disclosure of Linux Kernel Privilege Escalation Flaw.
- Qualcomm Security Advisories. GPU Vulnerabilities CVE-2025-21479, CVE-2025-21480, CVE-2025-27038.
- CISA. Known Exploited Vulnerabilities Catalog.