Google Patches Two Actively Exploited Qualcomm Zero-Days

Google has released security updates to address multiple security flaws in Android, including fixes for two Qualcomm bugs that were flagged as actively exploited in the wild.
Two Actively Exploited Qualcomm Zero-Days
The core vulnerabilities, which the chipmaker disclosed back in June 2025, are:
- CVE-2025-21479 (CVSS score: 8.6)
- CVE-2025-27038 (CVSS score: 7.5)
CVE-2025-21479 is an incorrect authorization vulnerability in the Graphics component. This flaw could lead to memory corruption because of unauthorized command execution in the GPU microcode.
CVE-2025-27038, on the other hand, is a use-after-free vulnerability, also in the Graphics component. This could result in memory corruption while rendering graphics using Adreno GPU drivers in Chrome.
Limited, Targeted Exploitation in the Wild
There are still no details on how these shortcomings have been weaponized in real-world attacks. However, Qualcomm noted at the time that Google’s Threat Analysis Group (TAG) found indications of potential exploitation.
“there are indications from Google Threat Analysis Group that CVE-2025-21479, CVE-2025-21480, CVE-2025-27038 may be under limited, targeted exploitation.”
Given that similar flaws in Qualcomm chipsets have been exploited by commercial spyware vendors like Variston and Cy4Gate in the past, it’s suspected that these vulnerabilities may also have been abused in a similar context.
Following the disclosure, the three vulnerabilities were added to the U.S. Cybersecurity and Infrastructure Security Agency’s (CISA) Known Exploited Vulnerabilities (KEV) catalog, requiring federal agencies to apply the updates by June 24, 2025.
Other Notable Fixes in the August Patch
Google’s August 2025 patch also resolves several other critical issues:
- Two high-severity privilege escalation flaws in the Android Framework (CVE-2025-22441 and CVE-2025-48533).
- A critical bug in the System component (CVE-2025-48530) that could result in remote code execution when combined with other flaws, requiring no additional privileges or user interaction.
What You Should Do
Google has released two patch levels: 2025-08-01 and 2025-08-05. The latter incorporates fixes for closed-source and third-party components from Arm and Qualcomm.
All Android device users are advised to apply these security updates as soon as they become available to stay protected against potential threats.
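For anyone checking more than one device, the two patch levels above can be turned into a quick triage. This is an added example, not from the original article: the function names and the sample inventory are constructed, and it assumes each device's level was read from the standard `ro.build.version.security_patch` property (for instance with `adb shell getprop ro.build.version.security_patch`).

```shell
#!/bin/sh
# Added example (not from the article): classify reported Android security
# patch levels against the two August 2025 levels named above.

# classify_patch_level YYYY-MM-DD prints one of:
#   full      at or above 2025-08-05 (includes the Arm/Qualcomm component fixes)
#   partial   2025-08-01 to 2025-08-04 (lacks the vendor component fixes)
#   outdated  below 2025-08-01
#   invalid   not a YYYY-MM-DD string (treat as unknown, investigate)
classify_patch_level() {
    case "$1" in
        [0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9]) ;;
        *) echo invalid; return 0 ;;
    esac
    # ISO dates compare correctly as integers once the dashes are removed.
    n=$(printf '%s' "$1" | tr -d '-')
    if [ "$n" -ge 20250805 ]; then
        echo full
    elif [ "$n" -ge 20250801 ]; then
        echo partial
    else
        echo outdated
    fi
}

# Reads "serial patch-level" lines on stdin and prints every device that
# is not at the full 2025-08-05 level, with the reason.
needs_update() {
    while read -r serial level; do
        [ -n "$serial" ] || continue
        status=$(classify_patch_level "$level")
        [ "$status" = full ] || printf '%s %s %s\n' "$serial" "$level" "$status"
    done
}

# Constructed sample inventory: serial and reported patch level.
SAMPLE_INVENTORY='dev-a 2025-08-05
dev-b 2025-08-01
dev-c 2025-06-05
dev-d unknown'

printf '%s\n' "$SAMPLE_INVENTORY" | needs_update
```

A device reporting 2025-08-01 is listed as `partial` because, per the article, the Qualcomm and Arm component fixes ship with the 2025-08-05 level.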