Google’s September 2025 Android safety bulletin is out, tackling a number of high-risk vulnerabilities, together with 4 labeled important.
As per the corporate’s newest safety bulletin, the September 2025 Android safety replace tackles 84 vulnerabilities, two of that are already below lively exploitation. The zero-day flaws, tracked as CVE-2025-38352 and CVE-2025-48543, embody a kernel elevation-of-privilege bug and a runtime flaw that would allow malicious apps to flee sandbox protections and achieve elevated system entry. Customers are urged to use the patch instantly.
Google confirmed each flaws allow native privilege escalation, that means they do not require particular permissions or any motion from the consumer to be exploited. Whereas the corporate hasn’t revealed particular particulars concerning the in-the-wild assaults or if the vulnerabilities have been chained collectively, it acknowledged proof of “restricted, focused exploitation.”
The September safety patches sort out a number of high-severity vulnerabilities, starting from denial-of-service and knowledge disclosure flaws to privilege escalation dangers, together with one distant code execution bug. The replace additionally resolves points in elements from Qualcomm, MediaTek, Arm, and Creativeness Applied sciences. 4 of the patched vulnerabilities are rated important.
Extra vulnerabilities may let attackers run code remotely
Past the 2 exploited zero-days, this month’s Android replace tackles 4 important vulnerabilities. Essentially the most extreme is CVE-2025-48539, a distant code execution bug within the Android System. An attacker inside Bluetooth or Wi-Fi vary may exploit this to run malicious code on a tool with no consumer interplay or particular privileges required.
A notification to put in these safety updates ought to seem quickly in your Android cellphone. This month’s patches cowl AOSP variations 13 by way of 16, with construct dates 2025-09-01 and 2025-09-05. For full protection of all fixes, be sure you set up the 2025-09-05 patch.
Whereas Google rolls out patches for Pixel telephones and the core AOSP code, manufacturers like Samsung, Motorola, and Nokia push their very own updates for his or her units.
To verify for updates, go to Settings > Safety & Privateness > System & Updates > Safety Replace, then comply with the prompts to obtain and set up any out there patch.