A patch has resolved six vulnerabilities in Android, including actively exploited Qualcomm vulnerabilities.
Google has patched six security vulnerabilities in Android, including two Qualcomm vulnerabilities that were actively exploited in targeted attacks. The vulnerabilities (CVE-2025-21479 and CVE-2025-27038) were revealed at the end of January by Google’s Android Security team.
Danger in the Graphics Layer
CVE-2025-21479 is an authorization issue in the Graphics Framework that can lead to a memory error due to improperly passed commands. The second vulnerability is an error in the GPU drivers caused during graphic rendering in Chrome. Qualcomm warned in June that these bugs might have already been exploited, according to reports from Google’s Threat Analysis Group.
The patches for affected GPU drivers were already available in May with an urgent request to implement them quickly. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) also urged government agencies to secure devices against these vulnerabilities by June 24 at the latest.
Critical System Vulnerability
In addition to the Qualcomm issues, Google also addresses a critical vulnerability in the System component in this update, writes BleepingComputer. This can allow remote code execution without permissions and without user interaction when combined with other errors.
The 2025-08-05 patch bundles all fixes, but it is up to manufacturers to implement them. Pixels are immediately up-to-date, while other devices often have to wait longer.