August 6, 2025

Google patches critical Android vulnerabilities in August 2025 security bulletin

On August 4, 2025, Google released its August 5 security patch, addressing vulnerabilities across several components, including the Android Framework, System, and Google Play system updates, as well as components from third-party hardware vendors such as Qualcomm and Arm.

The most severe of the reported flaws, tracked as CVE-2025-48530, affects the Android System on version 16. It could allow remote code execution without user interaction or elevated privileges when chained with other flaws.

The August patch also addressed two third-party vulnerabilities, CVE-2025-21479 and CVE-2025-27038, which Qualcomm fixed in its Graphics component in June 2025 and which have already been exploited in the wild.

  • CVE-2025-21479 is an incorrect authorization vulnerability and has been assigned a CVSS score of 8.6 out of 10.
  • CVE-2025-27038 is a use-after-free vulnerability and received a CVSS score of 7.5.

These flaws could allow threat actors to bypass authorization checks and execute malicious code, potentially giving them full control over affected devices.

Analyst insights

Android System and Qualcomm components are two areas that underpin nearly every modern Android device used in business environments today, and these vulnerabilities could have far-reaching implications for enterprise mobile security.

A compromised device could mean compromised identity, and by extension, compromised infrastructure.

Cybercriminals with access to a victim’s Android device can exploit it as a gateway to harvest credentials across multiple layers of enterprise infrastructure.

With control over the device, they can intercept authentication tokens, extract saved passwords from browsers or apps, and hijack multi-factor authentication flows by capturing push notifications or one-time passcodes.

Many users store VPN credentials, cloud access keys, and corporate email logins directly on their phones, increasing the risk of unauthorized access into sensitive business systems.

Mobile patching rarely makes headlines, but it should be treated with the same urgency as server and endpoint updates. Users are advised to:

  • Update immediately: Ensure your device is patched to the 2025-08-05 security level.
  • Verify patch level: Go to Settings > About Phone > Android Version to check your security patch level.
  • Enable Google Play Protect: This built-in service helps detect and block potentially harmful apps, especially if you install apps from outside Google Play.

Organizations relying on Android for secure access, especially those using mobile MFA apps like Google Authenticator, Duo, or Microsoft Authenticator, may consider additional measures to secure the exposed devices:

  • Enforce mobile device management (MDM) policies that verify patch levels before granting access to sensitive resources.
  • Audit app permissions and usage to detect anomalies that may indicate exploitation.
  • Educate users on the importance of updates and the risks of sideloading apps from untrusted sources.
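
The patch-level gate recommended in the first bullet can be sketched as follows. This is an added example, not code from the original article or from any MDM product: the inventory format, column names, and device names are constructed, and the script assumes the MDM can export each device's reported security patch level as a `YYYY-MM-DD` string.

```python
import csv
import io
from datetime import date, datetime

# Patch level named in the article; devices must report this level or later.
REQUIRED_PATCH_LEVEL = date(2025, 8, 5)

# Constructed sample of an MDM inventory export (hypothetical column names).
# On a device, the value comes from ro.build.version.security_patch.
SAMPLE_INVENTORY = """device_id,owner,security_patch
pixel-001,alice,2025-08-05
pixel-002,bob,2025-08-01
galaxy-003,carol,2025-06-05
pixel-004,dave,2025-09-01
tablet-005,erin,
phone-006,frank,August 2025
"""


def parse_patch_level(value):
    """Return the patch level as a date, or None if missing or malformed."""
    try:
        return datetime.strptime((value or "").strip(), "%Y-%m-%d").date()
    except ValueError:
        return None


def evaluate_inventory(csv_text, required=REQUIRED_PATCH_LEVEL):
    """Map each device_id to an (allow, reason) access decision."""
    decisions = {}
    for row in csv.DictReader(io.StringIO(csv_text)):
        level = parse_patch_level(row.get("security_patch"))
        if level is None:
            # Fail closed: an unknown patch level is treated as unpatched.
            decisions[row["device_id"]] = (False, "patch level missing or unreadable")
        elif level < required:
            # Also catches 2025-08-01, which is below the 2025-08-05 level.
            decisions[row["device_id"]] = (False, f"{level} is older than {required}")
        else:
            decisions[row["device_id"]] = (True, f"{level} meets {required}")
    return decisions


if __name__ == "__main__":
    for device, (allow, reason) in evaluate_inventory(SAMPLE_INVENTORY).items():
        print(f"{device}: {'ALLOW' if allow else 'BLOCK'} ({reason})")
```

A device reporting 2025-08-01 is blocked because that level falls below the 2025-08-05 level the article asks for, while any later level is allowed.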