
Google Fixes Android Flaw Exploited in the Wild


Google has released its May 2025 Android security update, patching 46 vulnerabilities, including a high-severity flaw actively exploited in the wild. The most critical issue is tracked as CVE-2025-27363, a System component vulnerability that allows local code execution without user interaction or elevated privileges.

This flaw carries a CVSS score of 8.1 and is considered the most dangerous among the newly addressed security issues. It is rooted in the FreeType open-source font rendering library, widely used for displaying text on Android devices.

Critical Flaw Exploited in the Wild

Google warned that CVE-2025-27363 could be used by attackers to execute code locally on a device. The vulnerability is classified as an out-of-bounds write issue that occurs when processing specially crafted TrueType GX or variable font files.

This flaw was originally disclosed in March 2025 by Facebook, which also noted that the bug had already been exploited in targeted attacks. Although Google did not share technical details, the company confirmed in its security bulletin that “there are indications that CVE-2025-27363 is under limited, targeted exploitation.”

The bug has been patched in FreeType versions above 2.13.0, and Google has incorporated the fix into its latest Android release. Users are urged to update as soon as possible to reduce their exposure to known attacks.

What makes this flaw especially serious is that no user interaction is required. Attackers can potentially run malicious code simply by getting the system to parse a crafted font file — for instance, through messaging apps or malicious websites.

Additional Vulnerabilities Fixed in Android

In addition to CVE-2025-27363, Google’s May 2025 patch addresses:

  • 8 flaws in the Android System component
  • 15 flaws in the Android Framework module
  • Multiple privilege escalation, information disclosure, and denial-of-service issues

These flaws, if exploited, could allow threat actors to gain unauthorized access to sensitive data, increase their system privileges, or crash system processes to disrupt device functionality.

Google noted that newer Android versions include enhanced security features that make many of these issues harder to exploit. The company strongly recommends that users upgrade to the latest Android version to benefit from the latest protections.

“Exploitation for many issues on Android is made more difficult by enhancements in newer versions of the Android platform,” the advisory stated. “We encourage all users to update to the latest version of Android where possible.”

The update highlights the ongoing challenges in securing the Android ecosystem, particularly because of fragmentation across devices and manufacturers. Not all users will receive updates immediately, depending on their phone model and brand.

What Users Should Do

Android users should check their device settings for available updates and install the May 2025 security patch as soon as possible. The update is especially urgent for users on Android versions using vulnerable FreeType libraries.
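For anyone responsible for more than one handset, checking each device by hand does not scale. The following is an added example (not code from the article or from Google) of a small triage script that reads each device's declared security patch level, as reported by `adb shell getprop ro.build.version.security_patch`, and flags devices that have not yet received the May 2025 patch. The required patch level string `2025-05-01` is an assumption to confirm against Google's bulletin; the device serials and values in the sample are constructed.

```python
"""Flag Android devices whose declared security patch level predates the
May 2025 Android bulletin that fixes CVE-2025-27363.

Input is one line per device in the form 'serial<TAB>patch_level', which is
what you get by looping over `adb devices` and running
`adb -s <serial> shell getprop ro.build.version.security_patch` for each.
"""
from datetime import date
import re

# ASSUMPTION: the patch level string of the May 2025 bulletin that carries the
# System component fix. Confirm this against the bulletin before relying on it.
REQUIRED_PATCH_LEVEL = "2025-05-01"

_PATCH_RE = re.compile(r"^(\d{4})-(\d{2})-(\d{2})$")


def parse_patch_level(value):
    """Parse a 'YYYY-MM-DD' patch level string into a date.

    Returns None for a missing, blank, or malformed value so callers can
    treat 'unknown' differently from 'vulnerable'.
    """
    if value is None:
        return None
    match = _PATCH_RE.match(value.strip())
    if not match:
        return None
    try:
        return date(*(int(g) for g in match.groups()))
    except ValueError:  # e.g. month 13 or day 32
        return None


def classify_device(patch_level, required=REQUIRED_PATCH_LEVEL):
    """Return 'patched', 'vulnerable', or 'unknown' for one device."""
    have = parse_patch_level(patch_level)
    need = parse_patch_level(required)
    if need is None:
        raise ValueError("required patch level must be YYYY-MM-DD")
    if have is None:
        return "unknown"
    return "patched" if have >= need else "vulnerable"


def triage(report, required=REQUIRED_PATCH_LEVEL):
    """Classify every 'serial<TAB>patch_level' line; return {serial: status}."""
    results = {}
    for line in report.splitlines():
        if not line.strip():
            continue
        serial, _, level = line.partition("\t")
        results[serial.strip()] = classify_device(level, required)
    return results


def needs_attention(report, required=REQUIRED_PATCH_LEVEL):
    """Serials that are not confirmed patched, sorted for a stable report."""
    return sorted(s for s, st in triage(report, required).items() if st != "patched")


# Constructed sample report; these serials and levels are not real devices.
SAMPLE_REPORT = (
    "emulator-5554\t2025-05-01\n"   # exactly at the required level
    "R58M1234ABC\t2025-03-01\n"     # two bulletins behind
    "ZY22ABCD\t\n"                  # property missing or empty
    "XYZ999\t2025-06-01\n"          # already past the required level
    "BAD001\t2025-13-01\n"          # malformed month
)

if __name__ == "__main__":
    for serial, status in triage(SAMPLE_REPORT).items():
        print(f"{serial:16} {status}")
    print("needs attention:", ", ".join(needs_attention(SAMPLE_REPORT)))
```

The script only trusts what the device declares, which is the same value shown under Settings as the "Android security patch level". A device that reports an older level is certainly missing the fix; a device reporting the required level depends on its manufacturer having actually shipped the May patches under that label, so "patched" here means "declares the May 2025 level", not an independent verification of the FreeType binary on the device.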

Google has not disclosed how the exploited vulnerability has been used in real-world attacks or what threat actors are behind it. Still, history shows that vulnerabilities like these are often part of targeted spyware campaigns or zero-click malware attacks.

For users unable to upgrade right away, reducing exposure to potentially malicious font files, such as avoiding unknown websites or suspicious documents, may lower the risk — but only updating can fully eliminate the vulnerability.
