- Android -Thils that may be threatened by worrying about security threat
- Qualcomm releases fix for two major defects in May and called on OEMs to apply it
- Google released a patch so users need to update now
Google has patched a greater vulnerability affecting Android smartphones that are actively exploited in nature.
In June 2025, Qualcomm publicly announced to discover three vulnerabilities: CVE-2025-21479, CVE-2025-21480, CVE-2025-27038, saying they were “indications” from Google Threat Analysis Group (Tag) The deficiencies were used in “limited, targeted to investigate.”
Tag focuses specifically on tracking state -supported threat actors along with other very sophisticated hacking groups, so if used in limited and targeted exploitation, it is safe to assume that these were nation states targeted at high value individuals, such as diplomats, journalists, dissidents, scientists and the like.
Cisa sounds the alarm
At that time, Qualcomm also called OEMs (such as Google) to implement the patch in their products without delay.
“Patches to the problems that affect the Adreno Graphics Processing Unit (GPU) driver has been made available to OEMs in May along with a strong recommendation to implement the update on the affected devices as soon as possible,” Qualcomm said.
Google has now issued the August 2025 update to Android, which includes corrections for two of the shortcomings: CVE-2025-21479 and CVE-2025-27038.
The former is described as “memory corruption due to unauthorized command execution in GPU micronode while performing a certain series of commands” and getting a severity of 8.6/10 (high). The latter is described as “memory corruption while reproducing graphics using the ADRENO GPU drivers in Chrome” with a severity of 7.5/10 (high).
The US Cyber Security and Infrastructure Security Agency (CISA) also added these two bugs to its known utilized vulnerabilities (KEV) catalog on June 3rd, giving the Federal Civil Executive Branch (FCCEB) organizations a three-week deadline to patch up or stop using vulnerable software completely.
Given Android’s decentralized structure, it is safe to assume that different devices (for example, Samsung’s Galaxy -lineup or OnePlus’ en lineup) get these updates at different times. Pixel, which is Google’s range of mobile phones, will probably first receive the updates.
Via Bleeping computer
