Google’s Android security update for May 2025 patches a zero-day vulnerability in the FreeType font library that is currently being exploited in the wild, alongside dozens of high-severity flaws across the system, framework, and various hardware components.
The zero-day, tracked as CVE-2025-27363, resides in the System component and stems from a memory handling bug in FreeType — an open-source library widely used for font rendering. The flaw allows for local code execution without requiring additional privileges or user interaction. According to Facebook’s security team, which first disclosed details about the vulnerability in March 2025, attackers can exploit the issue through malformed TrueType GX or variable font files, leading to heap buffer overflows and potentially arbitrary code execution. While the vulnerability was fixed in FreeType 2.13.0 over two years ago, older versions remain embedded in many Android builds and third-party software, making the risk of exploitation significant.
Google has acknowledged signs of limited, targeted exploitation of CVE-2025-27363 in the wild, reinforcing the urgency for users and OEMs to apply the update. Devices patched with the 2025-05-05 security level will receive a fix for this vulnerability, along with all other patches from earlier levels.
Beyond the zero-day, the May 2025 bulletin addresses over 40 high-severity vulnerabilities affecting Android components such as the Framework, System, kernel, and key third-party hardware modules from Arm, MediaTek, Qualcomm, and Imagination Technologies.
While there are no standout vulnerabilities from the list, as they are all high severity, the fixes cover a broad spectrum of Android’s functionality, so applying the security update (patch level 2025-05-05) as soon as possible is important.
Android device manufacturers are expected to incorporate these fixes into their firmware. Devices running Android 10 and later will receive some of these patches through Google Play system updates, covering components like the Wi-Fi stack, Permission Controller, and Documents UI. However, it is recommended that users of older models move to a newer device running Android version 13 or later. For some models, third-party Android distributions like GrapheneOS and LineageOS exist, which might provide security in aging devices.
It would be wise to avoid sideloading apps from unknown sources, as exploitation of vulnerabilities like CVE-2025-27363 can often be triggered via malicious fonts embedded in documents or applications.
Leave a Reply