
Google Patches 120 Android Vulnerabilities, Two Actively Exploited in Targeted Attacks
Google has released its September 2025 security updates for Android, addressing a total of 120 vulnerabilities. Among these, two have been actively exploited in targeted attacks, underscoring the critical nature of these updates. The vulnerabilities include CVE-2025-38352, a privilege escalation flaw in the Linux Kernel component with a CVSS score of 7.4, and CVE-2025-48543, for which the CVSS score is not yet available. Privilege escalation vulnerabilities are particularly concerning as they can allow attackers to gain elevated access to a system, potentially leading to full system compromise.
The high number of vulnerabilities patched in this update highlights the complexity and extensive attack surface of the Android ecosystem. The active exploitation of two of these vulnerabilities in targeted attacks emphasizes the immediate risk and the necessity for prompt patching. Cybersecurity professionals must prioritize the application of these updates to mitigate potential threats.
The Linux Kernel vulnerability (CVE-2025-38352) is of particular note due to its high CVSS score of 7.4, indicating a significant risk. The kernel is a fundamental component of the operating system, and vulnerabilities here can have wide-ranging impacts, potentially affecting not only Android devices but any system running the affected kernel version. The absence of a CVSS score for CVE-2025-48543 does not diminish its severity, given its active exploitation in the wild.
For cybersecurity teams, the immediate action is to ensure that all Android devices are updated to the latest security patch. Automated patch management solutions can be invaluable for organizations managing a large number of devices, ensuring timely and consistent updates. Additionally, teams should monitor their networks for any signs of exploitation of these vulnerabilities.
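As an added example (not part of the original article), the patch-level check described above can be run over a device inventory like this. The CSV layout, device names and the 2025-09-01 threshold are assumptions made for illustration; Android reports the level in the ro.build.version.security_patch property as YYYY-MM-DD.

```python
import csv
import io
from datetime import date

# Assumed threshold for the September 2025 update. Confirm the exact patch
# level that contains both actively exploited fixes against the bulletin
# before enforcing it.
REQUIRED_LEVEL = date(2025, 9, 1)

# Constructed sample inventory, e.g. an MDM export or the collected output of
# `adb shell getprop ro.build.version.security_patch` for each device.
SAMPLE_INVENTORY = """device_id,model,security_patch
dev-001,Pixel 8,2025-09-05
dev-002,Pixel 6a,2025-08-05
dev-003,Galaxy S23,2025-09-01
dev-004,Moto G,
dev-005,Tablet X,unknown
"""

def parse_level(raw):
    """Return the patch level as a date, or None if missing or malformed."""
    try:
        return date.fromisoformat(raw.strip())
    except (ValueError, AttributeError):
        return None

def audit(inventory_csv, required=REQUIRED_LEVEL):
    """Return (device_id, reason) for every device not shown to be compliant."""
    findings = []
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        level = parse_level(row.get("security_patch"))
        if level is None:
            # Fail closed: an unreadable level is treated as unpatched.
            findings.append((row["device_id"], "patch level missing or malformed"))
        elif level < required:
            findings.append((row["device_id"], f"patch level {level} is older than {required}"))
    return findings

if __name__ == "__main__":
    for device_id, reason in audit(SAMPLE_INVENTORY):
        print(f"{device_id}: {reason}")
```

Devices whose patch level cannot be read are reported rather than skipped, so gaps in the inventory surface alongside devices that are known to be behind.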
This update serves as a reminder of the ongoing challenges in securing complex systems like Android. It underscores the importance of a robust vulnerability management program and the need for organizations to have processes in place to quickly apply critical updates. The mention of targeted attacks suggests that these vulnerabilities are being used in specific, possibly high-value attacks, indicating a focus by threat actors on particular targets such as enterprises, government entities, or high-profile individuals.
In conclusion, the September 2025 Android security update is a critical release that addresses significant vulnerabilities, two of which are being actively exploited. Cybersecurity professionals must act swiftly to apply these updates and protect their systems from potential exploitation.