Full Report
Google has published its Android Security Bulletin for May 2025, delivering critical updates to the Android ecosystem. This monthly update resolves 46 vulnerabilities, one of which—CVE-2025-27363—has already been exploited in the wild.

CVE-2025-27363, a high-severity vulnerability with a CVSS score of 8.1, lies at the core of Google's May 2025 Android Security Bulletin. Located in the Android System component, this flaw enables local code execution without requiring elevated privileges or user interaction, posing a serious risk to device integrity, particularly if platform and service mitigations are bypassed. The vulnerability, which stems from the widely used FreeType open-source font rendering library, was first identified by Facebook researchers in March 2025 and has since been observed in limited, targeted exploitation.

Google described it as the most critical issue addressed in this update, stating in its advisory released on May 5, 2025: "The most severe of these issues is a high security vulnerability in the System component that could lead to local code execution with no additional execution privileges needed."

Key Details from the May 2025 Android Security Bulletin

The May bulletin breaks down the vulnerabilities into two patch levels:
- 2025-05-01 Security Patch Level
- 2025-05-05 Security Patch Level

Devices that receive the 2025-05-05 update will also be protected from all previously disclosed issues. Highlights from the bulletin include:
- 46 vulnerabilities addressed across core components like System, Framework, Kernel, and third-party hardware drivers.
- Android partners were informed at least a month in advance of the bulletin's publication.
- Source code patches will be released into the Android Open Source Project (AOSP) within 48 hours of publication.

Other High-Severity Vulnerabilities Patched

Apart from CVE-2025-27363, several other critical issues have been resolved.
These include:

Framework Vulnerabilities (Examples)
- CVE-2025-0087 — Elevation of Privilege (EoP) affecting Android versions 13, 14, and 15.
- CVE-2025-26426 — EoP issue impacting Android 13, 14, and 15.

System Component Vulnerabilities
- CVE-2025-26420, CVE-2025-26421 — High-severity EoP bugs patched in multiple versions.
- CVE-2025-26430 — Local EoP affecting Android 15.

Google Play System Updates
Fixes for issues in:
- Documents UI
- Permission Controller
- WiFi subsystem

Third-Party Component Vulnerabilities
The bulletin also lists vulnerabilities tied to hardware vendors and chipset manufacturers. These include:
- Arm (Mali GPU Drivers): CVE-2025-0072, CVE-2025-0427
- Imagination Technologies (PowerVR GPU): multiple CVEs including CVE-2024-49739 and CVE-2024-47891
- MediaTek: CVE-2025-20666 — High-severity issue in MediaTek modem components
- Qualcomm: multiple issues including CVE-2025-21467 and CVE-2025-21468 — High-risk flaws affecting camera and location services; vulnerabilities in closed-source Qualcomm components

Google Play Protect and Platform-Level Defenses

Google emphasizes the importance of Google Play Protect, which is:
- Enabled by default on devices with Google Mobile Services
- Designed to detect and warn users about Potentially Harmful Applications (PHAs)
- A vital layer of defense, especially for users installing apps from outside the Play Store

In addition, Google notes that newer Android versions include enhanced mitigations that make exploitation harder.

How to Check Your Security Patch Level

Users can check and update their Android version to ensure they have the latest protection. Devices with the following patch strings are considered secure:
- [ro.build.version.security_patch]:[2025-05-01]
- [ro.build.version.security_patch]:[2025-05-05]

Google encourages device manufacturers to bundle all fixes in a single OTA update for streamlined user security.
Conclusion

CVE-2025-27363 remains the only vulnerability in the May 2025 Android Security Bulletin confirmed to be actively exploited, highlighting the urgency for users to apply updates without delay, particularly those using Android 10 or later. Google has announced that corresponding patches will be made available in the Android Open Source Project (AOSP) within 48 hours. Users are strongly encouraged to check their device's security patch level and install the latest updates as soon as they become available. Full technical details, patch information, and related resources can be found in the official Android Security Bulletin—May 2025 on the Android developer portal.
Analysis Summary
As a vulnerability research specialist, I have analyzed the provided context regarding the May 2025 Android Security Bulletin. Since the article focuses on a bulletin that fixes 46 vulnerabilities, but only provides high-level context about one specific, actively exploited flaw, my summary will focus on the details explicitly mentioned for that critical CVE.
# Vulnerability: Exploited Flaw in May 2025 Android Security Bulletin
## CVE Details
- CVE ID: CVE-2025-27363
- CVSS Score: **Not specified** (Severity inferred as High due to active exploitation)
- CWE: **Not specified**
## Affected Systems
- Products: Android OS (Devices running Android 10 or later are highlighted as urgent targets)
- Versions: Unspecified vulnerable versions prior to the May 2025 security patch levels.
- Configurations: Unknown; the flaw is related to issues in closed-source Qualcomm components.
## Vulnerability Description
CVE-2025-27363 is a vulnerability present in closed-source Qualcomm components. The bulletin confirms this specific flaw is **actively exploited** in the wild. Further technical details regarding the nature of the flaw (e.g., privilege escalation, RCE) are not provided in this summary document, though it impacts Android devices.
## Exploitation
- Status: **Actively exploited in the wild**
- Complexity: **Not specified** (Inferred Medium/High given active exploitation and vendor urgency)
- Attack Vector: **Not specified**
## Impact
- Confidentiality: **Not specified**
- Integrity: **Not specified**
- Availability: **Not specified**
*(Note: Even without specific impact scores, a known exploited vulnerability warrants immediate patching regardless of the disclosed impact levels.)*
## Remediation
### Patches
Patches addressing CVE-2025-27363 are included in the May 2025 Android Security Bulletin.
- **Security Patch Levels considered secure:**
  - `[ro.build.version.security_patch]:[2025-05-01]`
  - `[ro.build.version.security_patch]:[2025-05-05]`
- **AOSP Availability:** Corresponding patches will be made available in the Android Open Source Project (AOSP) within 48 hours of the bulletin release.
### Workarounds
No specific workarounds are detailed for CVE-2025-27363. Mitigation relies on applying security updates.
## Detection
- **Indicators of Compromise (IoCs):** None reported in the provided text.
- **Detection Methods and Tools:** Users should check their device's installed security patch level. Devices not at the May 2025 cumulative level or later are at risk. Google Play Protect is a recommended defense layer against Potentially Harmful Applications (PHAs).
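The patch-level check described under "How to Check Your Security Patch Level" in the report and in the Detection section above, as an added example that is not code from Google, the bulletin, or the article: a POSIX shell script that pulls the `getprop` dump over adb, extracts `ro.build.version.security_patch`, and compares it with the May 2025 levels. It assumes adb is installed and the device is authorized for USB debugging; the function names and the `scan` argument are my own choices.

```shell
#!/bin/sh
# Added example (not from the bulletin or the article): compare a device's
# ro.build.version.security_patch property with the May 2025 patch levels.
# Assumes adb is installed and devices are authorized for USB debugging; the
# parsing and comparison functions themselves run offline.
REQUIRED_PATCH="2025-05-01"   # 2025-05-05 is newer and includes 2025-05-01

# extract_prop KEY  (getprop dump on stdin): prints the value of KEY from
# lines of the form "[ro.build.version.security_patch]: [2025-05-01]".
extract_prop() {
    key=$(printf '%s' "$1" | sed 's/\./\\./g')   # escape dots for the regex
    tr -d '\r' | sed -n "s/^\[$key\]: *\[\(.*\)\]\$/\1/p" | head -n 1
}

# patch_level_ok PATCH: 0 if PATCH (YYYY-MM-DD) is on or after REQUIRED_PATCH,
# 1 if older, 2 if empty or not a date (property missing or garbled).
patch_level_ok() {
    case "$1" in
        [0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9]) ;;
        *) return 2 ;;
    esac
    # Dropping the dashes turns the date into an integer such as 20250501.
    [ "$(printf '%s' "$1" | sed 's/-//g')" -ge "$(printf '%s' "$REQUIRED_PATCH" | sed 's/-//g')" ]
}

# verdict PATCH: prints OK, OUTDATED or UNKNOWN.
verdict() {
    rc=0
    patch_level_ok "$1" || rc=$?
    case $rc in 0) echo OK ;; 1) echo OUTDATED ;; *) echo UNKNOWN ;; esac
}

# check_device SERIAL: one line with serial, Android release, patch and verdict.
check_device() {
    dump=$(adb -s "$1" shell getprop)
    patch=$(printf '%s\n' "$dump" | extract_prop ro.build.version.security_patch)
    release=$(printf '%s\n' "$dump" | extract_prop ro.build.version.release)
    echo "$1  Android ${release:-?}  patch ${patch:-<missing>}  $(verdict "$patch")"
}

# "scan" argument: check every device adb reports as online.
if [ "${1:-}" = "scan" ]; then
    adb devices | awk 'NR > 1 && $2 == "device" { print $1 }' | while read -r serial; do
        check_device "$serial"
    done
fi
```

Run it as `sh check_patch.sh scan` with devices attached; an UNKNOWN verdict means the property was missing or malformed and the device should be inspected by hand rather than assumed patched.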
## References
- Vendor Advisories: Official Android Security Bulletin—May 2025
- Relevant Links (Defanged):
  - `source.android.com/docs/security/bulletin/2025-05-01`
  - `thecyberexpress.com/android-security-bulletin-2/`