Android Patches Qualcomm Vulnerabilities Exploited in Targeted Attacks

Google has released the August 2025 Android security updates, addressing six vulnerabilities—two of which affect Qualcomm components and were actively exploited in targeted attacks.

The exploited flaws, tracked as CVE-2025-21479 and CVE-2025-27038, were initially reported to the Android security team in January 2025.

  • CVE-2025-21479 – A graphics framework authorization flaw that could lead to memory corruption due to unauthorized GPU microcode execution under specific command sequences.
  • CVE-2025-27038 – A use-after-free vulnerability in Adreno GPU drivers, leading to memory corruption during Chrome rendering.

Google’s bulletin also includes patches that Qualcomm disclosed in June 2025, at which time the company confirmed that Google’s Threat Analysis Group (TAG) had observed these vulnerabilities being used in limited, targeted attacks.

“In May, OEM partners were provided with fixes for issues affecting the Adreno GPU driver, along with a strong recommendation to deploy the update to affected devices as soon as possible,” Qualcomm stated.

In addition, the August patch addresses a critical system component vulnerability (CVE-2025-48530) that could enable remote code execution by unprivileged actors, though successful exploitation requires chaining with other bugs. Notably, exploitation requires no user interaction.

Patch Levels Explained

As part of its regular update cadence, Google issued two patch levels:

  • 2025-08-01 – Covers general Android security fixes.
  • 2025-08-05 – Includes all fixes from the first level, plus updates for proprietary drivers, Qualcomm components, and kernel subsystems (which may not apply to all Android devices).
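
As an added example (not from Google's bulletin or the original article), the shell functions below classify a device's reported patch level against the two August 2025 levels, so a 2025-08-01 device is not mistaken for one carrying the Qualcomm fixes. The category names and the sample inventory are constructed; the script assumes the value is read with `adb shell getprop ro.build.version.security_patch` and that a later patch-level date includes the earlier fixes.

```shell
#!/bin/sh
# Added example: classify an Android security patch level (YYYY-MM-DD)
# against the two August 2025 levels. Category names are hypothetical.
# On a device attached over adb the value comes from:
#   adb shell getprop ro.build.version.security_patch

classify_patch_level() {
    level=$1
    # Accept only YYYY-MM-DD so an empty or malformed property is never
    # counted as patched.
    case "$level" in
        [0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9]) ;;
        *) echo "invalid"; return 0 ;;
    esac
    n=$(printf '%s' "$level" | tr -d '-')    # 2025-08-05 -> 20250805
    if [ "$n" -ge 20250805 ]; then
        echo "full"       # also covers driver, Qualcomm and kernel fixes
    elif [ "$n" -ge 20250801 ]; then
        echo "partial"    # general Android fixes only
    else
        echo "missing"    # predates the August 2025 bulletin
    fi
}

# Read "device-name patch-level" lines and append the classification.
audit_inventory() {
    while read -r name level; do
        [ -n "$name" ] || continue
        printf '%s %s %s\n' "$name" "${level:-none}" \
            "$(classify_patch_level "$level")"
    done
}

# Constructed sample inventory (not real devices).
SAMPLE_INVENTORY='pixel-lab-01 2025-08-05
tablet-kiosk-07 2025-08-01
handset-field-12 2025-06-05
handset-field-13 unknown'

# Number of sample devices below the 2025-08-05 level.
count_exposed() {
    printf '%s\n' "$SAMPLE_INVENTORY" | audit_inventory | grep -vc ' full$'
}

printf '%s\n' "$SAMPLE_INVENTORY" | audit_inventory
```

A device reporting "partial" has the general fixes but should still be treated as exposed to the two exploited Adreno GPU issues until it reaches 2025-08-05.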

Call to Action

All Android users are strongly urged to install the latest security updates as soon as they become available to ensure protection against these actively exploited threats.