Google has released the Android Security Bulletin for May 2025, addressing multiple vulnerabilities, including a high-severity remote code execution flaw that is actively being exploited in the wild.
The most severe issue identified in the May 2025 security patch is CVE-2025-27363, a high-severity vulnerability in the System component.
This flaw could lead to local code execution with no additional execution privileges needed, and user interaction is not needed for exploitation.
Security researchers urge all Android users to update their devices immediately to protect against these potential threats.
Active Exploitation of High-Severity Android Flaw (CVE-2025-27363)
Google has confirmed that there are “indications that CVE-2025-27363 may be under limited, targeted exploitation”.
This acknowledgment of active exploitation elevates the urgency for users to apply the security patch as soon as possible. According to the patch details provided in the security bulletin, the vulnerability affects Android versions 13 and 14.
Technical analysis reveals that CVE-2025-27363 stems from an out-of-bounds write vulnerability in the FreeType font rendering library, specifically in versions 2.13.0 and earlier.
The vulnerability exists when the system attempts to parse font subglyph structures related to TrueType GX and variable font files.
Security experts explain that “the vulnerable code assigns a signed short value to an unsigned long and then adds a static value causing it to wrap around and allocate too small of a heap buffer. The code then writes up to 6 signed long integers out of bounds relative to this buffer”.
This memory corruption can potentially result in arbitrary code execution. This vulnerability is particularly concerning since FreeType is widely used, with deployment on over a billion devices across various products.
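The integer-conversion mistake quoted above is easy to see in isolation. The following is an added illustration, not FreeType's code: a hypothetical size-calculation routine with the vulnerable signed-to-unsigned pattern beside a hardened version that validates the count before any unsigned arithmetic (the names, the constructed limit and the "6 extra entries" constant are assumptions for this example).

```c
/* Added illustration of the integer-conversion bug described in the
 * bulletin coverage. Hypothetical names; this is not FreeType's code. */
#include <limits.h>
#include <stddef.h>
#include <stdint.h>

#define EXTRA_ENTRIES 6     /* stand-in for the "static value" added to the count */
#define MAX_ENTRIES   4096L /* constructed upper bound for this example */

/* Vulnerable pattern: a signed short count read from the font is widened to
 * unsigned long, then a constant is added. A negative count sign-extends to
 * a value near ULONG_MAX, the addition wraps, and the resulting buffer is
 * far too small for the writes that follow. */
size_t vulnerable_entry_count(short count_from_font) {
    unsigned long n = count_from_font;  /* -2 becomes ULONG_MAX - 1 */
    n += EXTRA_ENTRIES;                 /* wraps around to 4 */
    return (size_t)n;                   /* caller allocates 4 longs, writes more */
}

/* Hardened version: keep the value in a wide signed type, reject negative
 * counts outright, and bound the total before it is ever used as a size.
 * Returns 0 on rejection so the caller can treat the font as malformed. */
size_t hardened_entry_count(short count_from_font) {
    long count = count_from_font;       /* no sign loss in this conversion */
    if (count < 0)
        return 0;                       /* a negative count is never valid */
    if (count > MAX_ENTRIES - EXTRA_ENTRIES)
        return 0;                       /* refuse absurd sizes before allocating */
    return (size_t)(count + EXTRA_ENTRIES);
}

/* Byte size a caller would pass to malloc for an array of `long` entries,
 * with the multiplication checked so a large count cannot wrap either. */
size_t entries_to_bytes(size_t entries) {
    if (entries == 0 || entries > SIZE_MAX / sizeof(long))
        return 0;
    return entries * sizeof(long);
}
```

With a malicious count of -2 the vulnerable routine asks for only 4 entries, while the hardened routine rejects the font; a fuzzing harness or unit test that feeds negative and maximal counts through such size calculations catches this class of bug before it reaches the heap.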
Risk Factors and Details
Affected Products: FreeType library versions ≤ 2.13.0
Impact: Arbitrary code execution via memory corruption
Exploit Prerequisites: Vulnerable FreeType version; processing malicious TrueType GX/variable font files; no user interaction required
CVSS 3.1 Score: 8.1 (High)
Google’s Security Patch Levels
Google has implemented security patch levels to help users and manufacturers identify which vulnerabilities have been addressed.
The security patch level 2025-05-05 or later addresses this critical vulnerability and other security issues identified in the bulletin.
Android users are strongly encouraged to check their device’s security patch level and update immediately. This can be done by following these steps:
Go to Settings.
Select About phone.
Check the Android version and Security patch level.
For devices running Android 10 or later, users can also check for Google Play system updates, which may include security patches for some components.
The May 2025 Android Security Bulletin demonstrates the ongoing need for vigilance in mobile security and the importance of keeping devices updated with the latest security patches.