Google’s May security update for Android has been released, and it contains fixes for 46 security flaws including one that the company says has been actively exploited in the wild.
The vulnerability that Google says has been under limited, targeted exploitation is being tracked as CVE-2025-27363 and has a CVSS score of 8.1 which makes it a high-severity flaw.
This flaw is in the System component and doesn’t require any user interaction for exploitation. It is rooted in an open-source font rendering library, and is a type of out-of-bounds write flaw that could cause code execution when TrueType GX or variable font files are being parsed. Because of its location, it could lead to local code execution without the need for any extra privileges.
CVE-2025-27363 was first disclosed by Facebook in March of 2025 but it has now been remediated in FreeType versions higher than 2.13.0. Other flaws in the May Android update include eight vulnerabilities in the Android System and 15 in the Framework module which could be used for privilege escalation, information disclosure or used for denial-of-service or DDoS attacks.
Google has stated in the security update that exploitation of these issues is made more difficult by the enhancements in newer versions of the Android platform, and the company encourages all users to update to the latest version of Android where possible. They also encourage users to use Google Play Protect so they will receive notifications about potentially dangerous apps.
