Android Security Bulletin – May 2025: Critical Zero-Day Vulnerability CVE-2025-27363 Actively Exploited

On May 5, 2025, Google released its monthly Android Security Bulletin, addressing 47 vulnerabilities across various components of the Android operating system. Among these, a critical zero-day vulnerability, CVE-2025-27363, has been identified as actively exploited in the wild. This vulnerability, located in the System component, allows for local code execution without requiring additional privileges or user interaction, posing a significant risk to Android users worldwide.

CVE-2025-27363 is an out-of-bounds write vulnerability in the FreeType library versions 2.13.0 and below, which is used for font rendering in Android devices. Exploitation of this flaw can lead to arbitrary code execution, enabling attackers to execute malicious code on affected devices without user interaction. This zero-click vulnerability has been actively exploited in targeted attacks, prompting immediate attention from security agencies and experts.

Affected Android Versions:
The vulnerability impacts Android versions 13, 14, and 15. Devices running these versions are urged to apply the latest security patches to mitigate the risk.

Patch Details:
Google’s May 2025 security update includes two patch levels:

• 2025-05-01: Addresses 28 vulnerabilities.
• 2025-05-05: Addresses 22 additional vulnerabilities, including CVE-2025-27363.

Users should ensure their devices are updated to at least the 2025-05-05 patch level to be protected against this critical vulnerability.

Mitigation Efforts:
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added CVE-2025-27363 to its Known Exploited Vulnerabilities (KEV) catalog, mandating federal agencies to apply the necessary patches by May 27, 2025.

10 Recommendations to Mitigate Future Threats:

1. Regularly Update Devices: Ensure that your Android devices are always running the latest security patches.
2. Enable Automatic Updates: Turn on automatic updates to receive patches promptly upon release.
3. Install Apps from Trusted Sources: Only download applications from reputable sources like the Google Play Store to reduce the risk of malware.
4. Utilize Mobile Security Solutions: Employ reputable mobile security software to detect and prevent potential threats.
5. Educate Users: Raise awareness about the importance of security updates and safe browsing habits among users.
6. Implement Device Management Policies: Organizations should enforce mobile device management (MDM) policies to control and secure devices within their networks.
7. Monitor for Unusual Activity: Regularly check devices for signs of compromise, such as unexpected behavior or unauthorized access.
8. Restrict Permissions: Limit app permissions to only what is necessary for their functionality.
9. Backup Data Regularly: Maintain regular backups to recover data in case of a security incident.
10. Stay Informed: Keep abreast of the latest security bulletins and advisories from trusted sources like Google’s Android Security Bulletin page.

Conclusion:

The active exploitation of CVE-2025-27363 underscores the critical importance of timely security updates and vigilant cybersecurity practices. By adhering to recommended security measures and staying informed about emerging threats, users and organizations can significantly reduce their risk exposure in the evolving digital landscape.