· Vulnerability  · 2 min read

Google Patches Two Actively Exploited Qualcomm Zero-Days

Google's August 2025 Android update patches two actively exploited Qualcomm zero-day vulnerabilities. Learn about CVE-2025-21479 and CVE-2025-27038 and why you must update your device now.

Google has released security updates to address multiple security flaws in Android, including fixes for two Qualcomm bugs that were flagged as actively exploited in the wild.

Two Actively Exploited Qualcomm Zero-Days

The core vulnerabilities, which the chipmaker disclosed back in June 2025, are:

  • CVE-2025-21479 (CVSS score: 8.6)
  • CVE-2025-27038 (CVSS score: 7.5)

CVE-2025-21479 is an incorrect authorization vulnerability in the Graphics component. This flaw could lead to memory corruption because of unauthorized command execution in the GPU microcode.

CVE-2025-27038, on the other hand, is a use-after-free vulnerability, also in the Graphics component. This could result in memory corruption while rendering graphics using Adreno GPU drivers in Chrome.

Limited, Targeted Exploitation in the Wild

There are still no details on how these shortcomings have been weaponized in real-world attacks. However, Qualcomm noted at the time that Google’s Threat Analysis Group (TAG) found indications of potential exploitation.

“there are indications from Google Threat Analysis Group that CVE-2025-21479, CVE-2025-21480, CVE-2025-27038 may be under limited, targeted exploitation.”

Given that similar flaws in Qualcomm chipsets have been exploited by commercial spyware vendors like Variston and Cy4Gate in the past, it’s suspected that these vulnerabilities may also have been abused in a similar context.

Following the disclosure, the three vulnerabilities were added to the U.S. Cybersecurity and Infrastructure Security Agency’s (CISA) Known Exploited Vulnerabilities (KEV) catalog, requiring federal agencies to apply the updates by June 24, 2025.

Other Notable Fixes in the August Patch

Google’s August 2025 patch also resolves several other critical issues:

  • Two high-severity privilege escalation flaws in the Android Framework (CVE-2025-22441 and CVE-2025-48533).
  • A critical bug in the System component (CVE-2025-48530) that could result in remote code execution when combined with other flaws, requiring no additional privileges or user interaction.

What You Should Do

Google has released two patch levels: 2025-08-01 and 2025-08-05. The latter incorporates fixes for closed-source and third-party components from Arm and Qualcomm.

All Android device users are advised to apply these security updates as soon as they become available to stay protected against potential threats.

Share this post

Share Tweet Send Share Email
Newsletter Signup

News Feed

Get the Hottest Cybersecurity News Delivered to You!

Related News

Discover more news articles that might interest you

View All →
Trend Micro Apex One Flaws Actively Exploited

Trend Micro Apex One Flaws Actively Exploited

ECScape Flaw in Amazon ECS Allows Credential Theft

ECScape Flaw in Amazon ECS Allows Credential Theft

Akira Ransomware Hits SonicWall VPNs in Zero-Day Attack

Akira Ransomware Hits SonicWall VPNs in Zero-Day Attack

CISA Urges Immediate Patch for PHPMailer Vulnerability

CISA Urges Immediate Patch for PHPMailer Vulnerability

Critical Linux Vulnerability Allows Secure Boot Bypass via Initramfs

Critical Linux Vulnerability Allows Secure Boot Bypass via Initramfs

ClickFix Malware Uses Fake CAPTCHAs for Infections

ClickFix Malware Uses Fake CAPTCHAs for Infections