Android Security Update – Patch for 0-Day Vulnerabilities Actively Exploited in Attacks


In response to the discovery of actively exploited 0-day vulnerabilities, Google has released its September 2025 Android Security Bulletin, rolling out patch level 2025-09-05 to safeguard millions of devices.

The bulletin details critical issues in both System and Kernel components, and emphasizes the importance of immediate updates to mitigate remote code execution risks.

Key Takeaways
1. Patch level 2025-09-05 fixes CVE-2025-38352 (zero-interaction RCE in the System component) and CVE-2025-48543 (kernel elevation of privilege).
2. The System bug needs no user interaction to exploit; the kernel bug grants root.
3. Update now; AOSP source links follow within 48 hours.

Critical System Component RCE Vulnerability

The flagship fix addresses CVE-2025-38352, a zero-interaction flaw in the Android System component that allows remote (proximal/adjacent) code execution without any elevated privileges.

Google rates the severity as Critical, noting that successful exploitation could grant attackers complete control of affected devices even with platform and service mitigations enabled in development environments.

No user engagement, such as clicking a link or opening a file, is required to trigger the exploit.

Source code patches for CVE-2025-38352 are now available in the Android Open Source Project (AOSP) repository.

Google plans to update the bulletin with direct AOSP links within 48 hours of publication.

High-Severity Elevation of Privilege Flaw

Another patch targets CVE-2025-48543, an Elevation of Privilege (EoP) vulnerability in the Android Kernel.

Rated High, this flaw could allow local code to gain root-level permissions, bypassing SELinux policies and other kernel-level safeguards.

Affected versions include Android 13, 14, 15, and 16. Partners were notified of both issues at least a month before publication, giving OEMs time to integrate the necessary kernel patches into upcoming device updates.

CVE              Title                                                                            Severity
CVE-2025-38352   Remote (proximal/adjacent) code execution in System component, zero-interaction  Critical
CVE-2025-48543   Elevation of Privilege in Kernel, bypass SELinux to gain root                    High

Users are strongly advised to verify their patch level is at least 2025-09-05 and to apply updates immediately.
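One way to perform that check for an ADB-attached device, as an added example that is not part of the article and not Google's tooling. It assumes adb is on PATH and reads the standard build property ro.build.version.security_patch (a YYYY-MM-DD date); a missing or malformed value is reported as unknown rather than as patched.

```shell
#!/bin/sh
# Added example, not from the article or from Google: compare a device's
# reported security patch level against the September 2025 bulletin
# (patch level 2025-09-05). ro.build.version.security_patch is a standard
# Android build property whose value is a date of the form YYYY-MM-DD.

REQUIRED_PATCH_LEVEL="2025-09-05"

# patch_level_ok <reported-level> [required-level]
# Exit status: 0 = at or above the required level, 1 = older (device still
# exposed to CVE-2025-38352 / CVE-2025-48543), 2 = empty or malformed value.
patch_level_ok() {
    reported=$1
    required=${2:-$REQUIRED_PATCH_LEVEL}
    # Accept only a well-formed YYYY-MM-DD date; anything else is "unknown",
    # not "patched", so a missing property never reads as a pass.
    case "$reported" in
        [0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9]) ;;
        *) return 2 ;;
    esac
    # Strip the dashes and compare numerically (e.g. 20250905 -ge 20250905).
    rep=$(printf '%s' "$reported" | sed 's/-//g')
    req=$(printf '%s' "$required" | sed 's/-//g')
    [ "$rep" -ge "$req" ]
}

# check_device: query an ADB-attached device (assumes adb is on PATH and the
# device is authorized). adb shell output carries a trailing CR, so strip it.
check_device() {
    level=$(adb shell getprop ro.build.version.security_patch 2>/dev/null | tr -d '\r\n')
    release=$(adb shell getprop ro.build.version.release 2>/dev/null | tr -d '\r\n')
    rc=0
    patch_level_ok "$level" || rc=$?
    case $rc in
        0) echo "Android $release, patch level $level: meets $REQUIRED_PATCH_LEVEL" ;;
        1) echo "Android $release, patch level $level: OLDER than $REQUIRED_PATCH_LEVEL, update now" ;;
        *) echo "could not read a valid patch level from the device (got '$level')" ;;
    esac
    return $rc
}

# Query the attached device only when run as: sh check_patch.sh --device
if [ "${1:-}" = "--device" ]; then
    check_device
fi
```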

Android partners have been briefed, and AOSP source code updates will be released shortly.

This coordinated effort underscores Google’s commitment to proactive vulnerability management and rapid response to emerging threats.

Users and device manufacturers alike must prioritize this update to maintain the integrity of Android’s security posture.
