Google Fixed Two Qualcomm Bugs Exploited in the Wild

Google has addressed two critical vulnerabilities in Qualcomm chipsets that were actively exploited in the wild, further underscoring the importance of timely software updates for Android users. The patches, released recently, are part of a broader effort to address multiple Android flaws and mitigate the risk of attack.

The Vulnerabilities

Two Qualcomm vulnerabilities, tracked as CVE-2025-21479 (CVSS score: 8.6) and CVE-2025-27038 (CVSS score: 7.5), were actively exploited in the wild. These bugs affected the Adreno Graphics Processing Unit (GPU) driver and were reported to Google by the Android Security team in June.

According to a report published by Google, there are indications that these vulnerabilities may be under limited, targeted exploitation. The company recommended that OEMs deploy the update on affected devices as soon as possible, along with patches for the issues affecting the Adreno Graphics Processing Unit (GPU) driver.

The Attack Landscape

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added the Qualcomm chipsets flaws to its Known Exploited Vulnerabilities (KEV) catalog in early July, highlighting the severity of the issue.

While the company did not share details about the attacks exploiting these vulnerabilities, it is clear that they pose a significant risk to Android users. The most severe flaw addressed by Google is a critical vulnerability, tracked as CVE-2025-48530, in the System component that enabled remote code execution without user interaction or extra privileges.

The Fix

Google released two Android patch levels, 2025-08-01 and 2025-08-05, with the latter including fixes from Arm and Qualcomm. These patches are now available for users to download and install on their devices.

Users are urged to update as soon as possible to ensure that they have the latest security patches and can mitigate the risk of attack. This highlights the importance of keeping software up-to-date, especially when it comes to critical vulnerabilities like these.

Stay Safe Online

If you're an Android user, make sure to follow me on Twitter (@securityaffairs) and Facebook for the latest security news and updates. We'll be monitoring this situation closely and providing you with the information you need to stay safe online.