Arab Security Consultants


Update ASAP: Google Fixes Android Flaw (CVE-2025-27363) Exploited by Attackers

by Ayman Hamam / Wednesday, 14 May 2025 / Published in News

Google has released its monthly security updates for Android with fixes for 46 security flaws, including one vulnerability that it said has been exploited in the wild.

The vulnerability in question is CVE-2025-27363 (CVSS score: 8.1), a high-severity flaw in the System component that could lead to local code execution without requiring any additional execution privileges.

“The most severe of these issues is a high security vulnerability in the System component that could lead to local code execution with no additional execution privileges needed,” Google said in a Monday advisory. “User interaction is not needed for exploitation.”

It’s worth noting that CVE-2025-27363 is rooted in the FreeType open-source font rendering library. It was first disclosed by Facebook in March 2025 as having been exploited in the wild.

The shortcoming has been described as an out-of-bounds write flaw that could result in code execution when parsing TrueType GX and variable font files. The issue has been remediated in FreeType versions higher than 2.13.0.

“There are indications that CVE-2025-27363 may be under limited, targeted exploitation,” Google acknowledged in its security bulletin. The exact specifics of the attacks are presently unknown.

Google’s May update also resolves eight other flaws in the Android System and 15 flaws in the Framework module that could be abused to facilitate privilege escalation, information disclosure, and denial-of-service.

“Exploitation for many issues on Android is made more difficult by enhancements in newer versions of the Android platform,” the company said. “We encourage all users to update to the latest version of Android where possible.”

Update

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added CVE-2025-27363 to its Known Exploited Vulnerabilities (KEV) catalog, requiring federal agencies to apply the patches by May 27, 2025.
