Pierluigi Paganini May 06, 2025

Google addressed 46 Android security vulnerabilities, including one issue that has been exploited in attacks in the wild.

Google’s monthly security updates for Android addressed 46 flaws, including a high-severity vulnerability, tracked as CVE-2025-27363 (CVSS score of 8.1), that has been exploited in the wild.

The company did not disclose any details regarding the attacks or the threat actors exploiting the vulnerability.

The vulnerability resides in the System component, and successful exploitation could lead to local code execution.

“The most severe of these issues is a high security vulnerability in the System component that could lead to local code execution with no additional execution privileges needed. User interaction is not needed for exploitation.” reads the Android Security Bulletin—May 2025.

“There are indications that CVE-2025-27363 may be under limited, targeted exploitation.”

In mid-March, Meta warned that an out-of-bounds write vulnerability, tracked as CVE-2025-27363 in the FreeType library, may have been actively exploited in attacks.

“An out of bounds write exists in FreeType versions 2.13.0 and below when attempting to parse font subglyph structures related to TrueType GX and variable font files.” reads the advisory published by Meta. “The vulnerable code assigns a signed short value to an unsigned long and then adds a static value causing it to wrap around and allocate too small of a heap buffer. The code then writes up to 6 signed long integers out of bounds relative to this buffer. This may result in arbitrary code execution.”

The company did not disclose details on the attacks exploiting this vulnerability, attackers, or attack scale.

“This vulnerability may have been exploited in the wild.” continues the advisory.

The vulnerability doesn’t impact FreeType versions after 2.13.0.

The experts warn that multiple Linux distributions are using an outdated library version, making them vulnerable to attacks.

“Exploitation for many issues on Android is made more difficult by enhancements in newer versions of the Android platform. We encourage all users to update to the latest version of Android where possible.” concludes the Google’s Bulletin.

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini (SecurityAffairs – hacking, Android)