- Android phones may be exposed to a worrying security threat
- Qualcomm released a fix for two major flaws in May and urged OEMs to apply it
- Google has published a fix, so users should update now
Google has fixed a major vulnerability affecting Android smartphones that is being actively exploited in the wild.
In June 2025, Qualcomm publicly announced the discovery of three vulnerabilities: CVE-2025-21479, CVE-2025-21480, and CVE-2025-27038, saying that there were “indications” from the Google Threat Analysis Group (TAG) that the flaws were being used in “limited and targeted exploitation”.
TAG focuses specifically on tracking state-sponsored threat actors, as well as other highly sophisticated hacking groups, so if the flaws were used in limited and targeted exploitation, it is safe to assume that these were nation-state actors targeting high-value individuals such as diplomats, journalists, dissidents, scientists and similar.
CISA sounds the alarm
At the time, Qualcomm also urged OEMs (like Google) to deploy the patch in their products without delay.
“Patches for the issues affecting the Adreno Graphics Processing Unit (GPU) driver were made available to OEMs in May with a strong recommendation to deploy the update on affected devices as soon as possible,” said Qualcomm.
Google has now issued its August 2025 update for Android, which includes fixes for two flaws: CVE-2025-21479 and CVE-2025-27038.
The first is described as “memory corruption due to the execution of unauthorized commands in the GPU micronode during the execution of a specific command sequence” and received a severity score of 8.6/10 (high). The latter is described as “memory corruption while rendering graphics using Adreno GPU drivers in Chrome”, with a severity score of 7.5/10 (high).
The US Cybersecurity and Infrastructure Security Agency (CISA) also added these two bugs to its Known Exploited Vulnerabilities (KEV) catalog on June 3, giving Federal Civilian Executive Branch (FCEB) agencies a three-week deadline to patch or stop using the vulnerable software.
Given Android's decentralized structure, it is safe to assume that different devices (for example, the Samsung Galaxy range, or the OnePlus range) will receive these updates at different times. Pixel, being Google's own range of mobile phones, will most likely receive updates first.
Via BleepingComputer