Cyber Defense Advisors

Google’s August Patch Fixes Two Qualcomm Vulnerabilities Exploited in the Wild

Google has released security updates to address multiple security flaws in Android, including fixes for two Qualcomm bugs that were flagged as actively exploited in the wild.

The vulnerabilities include CVE-2025-21479 (CVSS score: 8.6) and CVE-2025-27038 (CVSS score: 7.5), both of which were disclosed alongside CVE-2025-21480 (CVSS score: 8.6), by the chipmaker back in June 2025.

CVE-2025-21479 relates to an incorrect authorization vulnerability in the Graphics component that could lead to memory corruption due to unauthorized command execution in GPU microcode.

CVE-2025-27038, on the other hand, use-after-free vulnerability in the Graphics component that could result in memory corruption while rendering graphics using Adreno GPU drivers in Chrome.

There are still no details on how these shortcomings have been weaponized in real-world attacks, but Qualcomm noted at the time that “there are indications from Google Threat Analysis Group that CVE-2025-21479, CVE-2025-21480, CVE-2025-27038 may be under limited, targeted exploitation.”

Given that similar flaws in Qualcomm chipsets have been exploited by commercial spyware vendors like Variston and Cy4Gate in the past, it’s suspected that the aforementioned shortcomings may also have been abused in a similar context.

Cybersecurity

The three vulnerabilities have since been added to the U.S. Cybersecurity and Infrastructure Security Agency’s (CISA) Known Exploited Vulnerabilities (KEV) catalog, requiring federal agencies to apply the updates by June 24, 2025.

Google’s August 2025 patch also resolves two high-severity privilege escalation flaws in Android Framework (CVE-2025-22441 and CVE-2025-48533) and a critical bug in the System component (CVE-2025-48530) that could result in remote code execution when combined with other flaws without requiring any additional privileges or user interaction.

The tech giant has made available two patch levels, 2025-08-01 and 2025-08-05, with the latter also incorporating fixes for closed-source and third-party components from Arm and Qualcomm. Android device users are advised to apply the updates as and when they become available to stay protected against potential threats.

Found this article interesting? Follow us on Google News, Twitter and LinkedIn to read more exclusive content we post.

 

Related Post

The AI Fix #62: AI robots can now

In episode 62 of The AI Fix, your hosts learn how AI models smash through CAPTCHA roadblocks like they’re made

Cyber News

Cursor AI Code Editor Vulnerability Enables RCE via

Cybersecurity researchers have disclosed a high-severity security flaw in the artificial intelligence (AI)-powered code editor Cursor that could result in

Cyber News

Misconfigurations Are Not Vulnerabilities: The Costly Confusion Behind

In SaaS security conversations, “misconfiguration” and “vulnerability” are often used interchangeably. But they’re not the same thing. And misunderstanding that

Cyber News

Surveilling Your Children with AirTags

Skechers is making a line of kid’s shoes with a hidden compartment for an AirTag.  

Cyber News

Leave feedback about this

  • Quality
  • Price
  • Service
Choose Image