Google’s August 2025 Android security update is now rolling out, bringing with it critical fixes, including a patch for a Qualcomm vulnerability that has been actively exploited in the wild. The update, a significant one despite having a shorter list of resolved issues compared to previous months, addresses a total of six vulnerabilities, with the most severe being a remote code execution (RCE) flaw in the System component.
The highlight of the August bulletin is the patch for a “use-after-free” vulnerability in the Qualcomm Adreno GPU driver, tracked as CVE-2025-27038. This flaw, which was disclosed by Qualcomm in June, has been under “limited, targeted exploitation” according to Google’s Threat Analysis Group. While specific details on the attacks haven’t been made public, similar past exploits of Qualcomm chipsets suggest that the vulnerability may have been targeted by commercial spyware vendors.
The vulnerability could lead to memory corruption when rendering graphics, a dangerous flaw that could be a stepping stone for more severe attacks. Qualcomm had already provided patches to its manufacturing partners (OEMs) in May, with a strong recommendation for immediate deployment. However, it is only with Google’s August security bulletin that the fix has been formally integrated into the Android platform’s public updates.
The August update is being released in two parts. The first, with the 2025-08-01 security patch level, addresses a critical RCE vulnerability in the System component (CVE-2025-48530) that can be exploited without user interaction. The second, with the 2025-08-05 patch level, contains the fix for the exploited Qualcomm flaw and other issues in third-party components from Arm and Qualcomm.
Users are strongly advised to update their Android devices as soon as the patch becomes available. While Google Pixel devices typically receive updates promptly, the timing for other manufacturers can vary. This month’s bulletin is a stark reminder that even seemingly minor updates are crucial for maintaining device security and protecting against sophisticated threats.
