GovCERT.HK - High Threat Security Alert (A25-09-02): Multiple Vulnerabilities in Android

Description:

Google has released Android Security Bulletin September 2025 to fix multiple security vulnerabilities in Android operating system. The list of security updates can be found at:
https://source.android.com/docs/security/bulletin/2025-09-01

Android indicates that escalation of privilege vulnerabilities (CVE-2025-38352 and CVE-2025-48543) may be under limited, targeted exploitation. System administrators are advised to take immediate actions to patch your affected systems to mitigate the elevated risk of cyber attacks.

Affected Systems:

Android version 13, 14, 15 and 16

Impact:

Depending on the vulnerability exploited, a successful attack could lead to remote code execution, denial of service, elevation of privilege or information disclosure on an affected device.

Recommendation:

Some manufacturers have fixed or have planned to fix the vulnerabilities in their Android systems. Users are recommended to consult the product vendors to confirm the availability of patches. If patches are available, users should upgrade to the fixed versions or follow the recommendations provided by the product vendors to mitigate the risk.

More Information:

https://source.android.com/docs/security/bulletin/2025-09-01
https://www.hkcert.org/security-bulletin/android-multiple-vulnerabilities_20250903
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39810
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24023
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-47898
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-47899
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-49714
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7881
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-0076
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-0089
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-021701
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-0467
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-1246
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-1706
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-20696
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-20703
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-20704
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-20708
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21427
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21432
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21433
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21446
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21449
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21450
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21454
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21464
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21465
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21477
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21481 (to CVE-2025-21484)
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21487
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21488
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21755
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-25179
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-25180
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-26454
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-26464
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-27032
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-27034
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-27042
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-27043
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-27052
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-27056
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-27057
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-27061
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-27065
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-27066
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-27073
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-3212
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32321
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32323 (to CVE-2025-32327)
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32330 (to CVE-2025-32333)
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32345 (to CVE-2025-32347)
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32349
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32350
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-38352
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-46707
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-46708
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-46710
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-47317
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-47318
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-47326
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-47328
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-47329
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48522 (to CVE-2025-48524)
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48526 (to CVE-2025-48529)
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48531
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48532
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48534
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48535
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48537 (to CVE-2025-48554)
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48556
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48558 (to CVE-2025-48563)
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48581
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-8109

Tag: Android