Google has provided fixes for over 100 Android vulnerabilities, including CVE-2025-48543 and CVE-2025-38352, which “may be under limited, targeted exploitation.”
Among the fixed flaws is also CVE-2025-48539, a critical vulnerability in the System component that “could lead to remote (proximal/adjacent) code execution with no additional execution privileges needed and no user interaction required.”
The exploited vulnerabilities
CVE-2025-48543 affects the Android Runtime – the application runtime environment used by Google’s mobile operating system. CVE-2025-38352 is a race condition in Android’s Linux kernel.
Both vulnerabilities could lead to local escalation of privilege with no additional execution privileges needed, and require no user interaction to be exploited.
Google did not share details about the attacks in which these vulnerabilities have been leveraged, but the wording it used – “limited, targeted exploitation” – makes it likely that the flaws are being exploited to deliver mercenary spyware to very specific high-risk users.
Nevertheless, all Android users would do well to implement the fixes as soon as possible.
Security updates from Google, Samsung and Motorola
Google has provided security updates for its Android-powered Pixel phones, which address Pixel-specific issues and all issues in the September 2025 Android Security Bulletin.
Samsung has issued a maintenance release for major flagship models that fixes both flaws (and many others fixed by Google this September).
Motorola’s September 2025 security patch updates include a fix for CVE-2025-48543, but not for CVE-2025-38352.