Android May 2025 security update patches 46 flaws, including one that’s been exploited

Heads up: the Android May 2025 security update is more than just routine maintenance. Google has patched 46 vulnerabilities this month—but one of them isn’t theoretical. It’s actively being exploited right now.

The flaw in question is CVE-2025-27363, and it’s no minor bug. Google gave it a CVSS severity score of 8.1, which is considered high. It affects Android’s “System” component and allows for local code execution without any special permissions. Even worse, Google confirmed that no user interaction is required for an attacker to trigger it.

According to Google’s advisory, there are “indications” that CVE-2025-27363 is under limited, targeted exploitation. Translation: it’s not a mass-scale attack (yet), but bad actors are already using it in the wild.

Meta was actually the first to flag the issue in March. They found that the flaw stemmed from the FreeType open-source font rendering library. The good news? Google has patched the issue by rolling out a newer version of FreeType—anything above 2.13.0 is considered safe.

As for the rest of the update, the remaining 45 fixes span across the kernel, system, and several hardware components. So if you haven’t already, install the update as soon as it hits your phone. This month’s patch isn’t just about tightening bolts—it’s about closing doors that are already being pried open.

The full bulletin is available on Google’s security site, but the bottom line is this: Android May 2025 security update isn’t optional. Make sure you get it.

The post Android May 2025 security update patches 46 flaws, including one that’s been exploited appeared first on Phandroid.