
Google has released its Android Security Bulletin for May 2025, fixing multiple security vulnerabilities affecting Android devices. The bulletin highlights that security patch levels of 2025-05-05 or later address all identified issues, with patches being released to the Android Open Source Project repository within 48 hours of the announcement.
Of particular concern is CVE-2025-27363, a high-severity vulnerability in the System component that could enable local code execution without requiring additional execution privileges or user interaction. Google specifically notes that "there are indications that CVE-2025-27363 may be under limited, targeted exploitation," suggesting active attacks against this vulnerability in the wild.
Google's patch for the bug, which has been exploited in the wild, comes almost two months after Facebook warned that the defect affects FreeType versions 2.13.0 and below and provides a pathway to arbitrary code execution.
The May bulletin follows Android's established dual patch level approach. The 2025-05-01 patch level addresses framework and system vulnerabilities, while the more comprehensive 2025-05-05 patch level includes additional fixes for hardware components from various vendors, including Arm, Imagination Technologies, MediaTek, and Qualcomm.
In total, 15 high-severity vulnerabilities were found in the Framework component, primarily related to Elevation of Privilege (EOP) issues. The System component contains 9 high-severity vulnerabilities, including the aforementioned code execution flaw under active exploitation.
For device owners concerned about their security status, Google recommends checking their device's security patch level through Settings. Security patch levels of 2025-05-05 or later will address all vulnerabilities mentioned in this bulletin. For devices running Android 10 or later, some protections may arrive via Google Play system updates.
Android users are strongly encouraged to apply these security updates as soon as they become available for their devices to protect against potential exploitation of these vulnerabilities.
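For administrators tracking many devices, the dual patch level scheme described above can be checked in bulk. The following is an added example, not code from Google or the bulletin: it assumes an inventory of `device_id,patch_level` lines (for instance collected from the `ro.build.version.security_patch` property), and the device names and status labels are constructed for illustration.

```python
import re
from datetime import date

# Patch levels named in the May 2025 bulletin, as described in the article.
PARTIAL_LEVEL = date(2025, 5, 1)  # framework and system fixes
FULL_LEVEL = date(2025, 5, 5)     # adds vendor hardware component fixes

_PATCH_RE = re.compile(r"^(\d{4})-(\d{2})-(\d{2})$")

def classify_patch_level(raw):
    """Map a security patch level string to a remediation status."""
    m = _PATCH_RE.match(raw.strip())
    if not m:
        return "unknown"          # empty or malformed value
    try:
        level = date(*map(int, m.groups()))
    except ValueError:
        return "unknown"          # well-formed but not a real date
    if level >= FULL_LEVEL:
        return "full"
    if level >= PARTIAL_LEVEL:
        return "partial"          # vendor component fixes still missing
    return "unpatched"

def audit_inventory(lines):
    """Parse 'device_id,patch_level' lines into {status: [device_id, ...]}."""
    report = {"full": [], "partial": [], "unpatched": [], "unknown": []}
    for line in lines:
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        device_id, _, raw = line.partition(",")
        report[classify_patch_level(raw)].append(device_id.strip())
    return report

# Constructed sample inventory (hypothetical device names).
SAMPLE_INVENTORY = """\
# device_id,security_patch
pixel-lab-01,2025-05-05
tablet-kiosk-07,2025-05-01
phone-field-12,2025-04-05
phone-field-19,2025-06-01
scanner-03,
legacy-44,2025-13-01
""".splitlines()

if __name__ == "__main__":
    for status, devices in audit_inventory(SAMPLE_INVENTORY).items():
        print(f"{status:10s} {', '.join(devices) or '-'}")
```

Devices reported as `unknown` should be treated as unpatched until their patch level can be read reliably.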