Google Fixes Actively Exploited Android System Flaw in May 2025 Security Update – The Hacker News
Google has released its monthly security updates for Android with fixes for 46 security flaws, including one vulnerability that it said has been exploited in the wild.
The vulnerability in question is CVE-2025-27363 (CVSS score: 8.1), a high-severity flaw in the System component that could lead to local code execution without requiring any additional execution privileges.
“The most severe of these issues is a high security vulnerability in the System component that could lead to local code execution with no additional execution privileges needed,” Google said in a Monday advisory. “User interaction is not needed for exploitation.”
It’s worth noting that CVE-2025-27363 is rooted in the FreeType open-source font rendering library. It was first disclosed by Facebook in March 2025 as having been exploited in the wild.
The shortcoming has been described as an out-of-bounds write flaw that could result in code execution when parsing TrueType GX and variable font files. The issue has been remediated in FreeType versions higher than 2.13.0.
“There are indications that CVE-2025-27363 may be under limited, targeted exploitation,” Google acknowledged in its security bulletin. The exact specifics of the attacks are presently unknown.
Google’s May update also resolves eight other flaws in the Android System and 15 flaws in the Framework module that could be abused to facilitate privilege escalation, information disclosure and denial-of-service.
“Exploitation for many issues on Android is made more difficult by enhancements in newer versions of the Android platform,” the company said. “We encourage all users to update to the latest version of Android where possible.”
Cloud attacks move fast—fixes lag. Unite app, cloud, and SOC security to respond quicker and stop breaches early.
AI agents boost business—but create risks. Learn to prevent leaks, secure AI, and stay protected with expert tips.
Get the latest news, expert insights, exclusive resources, and strategies from industry leaders – all for free.
source
This is a newsfeed from leading technology publications. No additional editorial review has been performed before posting.
Turn insight into action with CDO TIMES.
CDO TIMES helps executives move from AI awareness to AI execution through practical frameworks, tools, executive research, and advisory support.
Explore the Frameworks
Continue with Enterprise AI 2030, HI + AI = ECI, AI Governance, and executive playbooks.
Explore Enterprise AI 2030 →Use the Free Tools
Assess readiness, estimate AI ROI, model AI costs, and prioritize AI initiatives.
Open Executive Tools →Read the Book
Explore the HI + AI = ECI leadership model in The AI-Ready Leader.
Order The AI-Ready Leader →Go deeper with CDO TIMES Pro.
Unlock premium research, executive playbooks, templates, advanced tools, and member-only briefings.
Need executive help?
Explore advisory, workshops, fractional CIO/CDO/CISO/CAIO support, and AI operating model design.
Explore Advisory →Attend executive events
Join leadership forums, executive dinners, webinars, and strategic AI briefings.
View Events →Build AI capability
Use CDO TIMES Academy for executive learning, AI leadership development, and implementation training.
Explore Academy →

