Google has released its May 2025 Android security update, addressing 47 vulnerabilities, including a high-severity flaw actively exploited in the wild. The vulnerability, tracked as CVE-2025-27363, resides in the FreeType font rendering library and allows attackers to execute arbitrary code without user interaction.
Understanding CVE-2025-27363
CVE-2025-27363 is an out-of-bounds write vulnerability in FreeType versions up to 2.13.0. When processing malformed TrueType GX or variable font files, the flaw can lead to heap buffer overflows, enabling arbitrary code execution. Facebook’s security team first disclosed this vulnerability in March 2025, noting its exploitation in targeted attacks.
Google’s May update patches this flaw, acknowledging indications of limited, targeted exploitation. The vulnerability affects Android versions 13 and 14, and users are urged to update their devices promptly.
Additional Vulnerabilities Addressed
Beyond CVE-2025-27363, the May 2025 security bulletin addresses numerous high-severity vulnerabilities:
- 15 flaws in the Android Framework component, potentially leading to privilege escalation and information disclosure.
- 9 issues in the Android System component, which could result in local code execution.
- 22 vulnerabilities in hardware components from Arm, MediaTek, Qualcomm, and Imagination Technologies.
These patches are included in the 2025-05-01 and 2025-05-05 security patch levels. Devices updated to the 2025-05-05 level receive all fixes from both patch levels.
Steps to Protect Your Device
To ensure your Android device is protected:
- Navigate to Settings > About phone > Software updates.
- Check for updates and install the latest security patch.
- Verify your device’s security patch level is 2025-05-05 or later.
For devices no longer receiving official updates, consider using third-party Android distributions that provide security patches for older models.
Importance of Timely Updates
The active exploitation of CVE-2025-27363 underscores the critical need for timely security updates. Attackers can leverage such vulnerabilities to compromise devices without user interaction, emphasizing the importance of regular patching to maintain device security.
