InfoSecBulletin Cybersecurity for mankind
Google’s August 2025 Android Security Bulletin addresses several vulnerabilities. Notably, CVE-2025-21479 and CVE-2025-27038 were exploited before the release. There’s also CVE-2025-21480, a serious Qualcomm issue revealed in June 2025.
CVE-2025-21479 and CVE-2025-27038 have high CVSS scores of 8.6 and 7.5, indicating serious vulnerabilities. CVE-2025-21480 also scored 8.6 and is under close observation. Qualcomm disclosed all three vulnerabilities in June. Although specific exploitation methods are not known, there is credible evidence of their use in targeted attacks.
Qualcomm disclosed two vulnerabilities: CVE-2025-21479, an incorrect authorization issue in the Graphics component that may lead to unauthorized GPU command execution and memory corruption. CVE-2025-27038 is a use-after-free vulnerability in the Graphics component that can cause memory corruption when rendering graphics with Adreno GPU drivers in Chrome.
The Google Threat Analysis Group reports that vulnerabilities CVE-2025-21479, CVE-2025-21480, and CVE-2025-27038 face “limited, targeted exploitation.” No additional details on attack methods or perpetrators have been shared.
