What is CVE-2025-27363?
CVE-2025-27363 is a critical vulnerability (CVSS 8.1) in the Android System component. This flaw allows local code execution without requiring user interaction or special privileges — making it an attractive target for attackers.
According to Google’s advisory, “The most severe of these issues is a high security vulnerability in the System component that could lead to local code execution with no additional execution privileges needed.”
Rooted in the FreeType Library
This vulnerability is linked to an out-of-bounds write bug in the FreeType open-source font rendering library. It specifically affects how Android parses TrueType GX and variable font files.
- Originally disclosed by Facebook in March 2025
- Confirmed to be exploited in limited, targeted attacks
- Patched in FreeType versions > 2.13.0
Google confirmed signs of active exploitation but hasn't revealed the full scope of the attacks yet.
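As an added example (not code from the original article, Google, or the FreeType project), the Python helper below parses a font file's sfnt table directory and reports whether it carries the TrueType GX / variable-font tables (fvar, gvar, avar, cvar) that the affected FreeType code path handles, which is a practical way to triage fonts headed for devices that have not yet received the patch; the sample font blob is constructed inline.

```python
import struct

# OpenType/TrueType table tags that hold TrueType GX / variable-font data.
# FreeType's variation support parses these tables, which is the code path
# the advisory associates with CVE-2025-27363.
VARIATION_TAGS = {b"fvar", b"gvar", b"avar", b"cvar"}

# Accepted sfnt version fields: 1.0 (TrueType), 'OTTO' (CFF OpenType), 'true'.
SFNT_VERSIONS = {0x00010000, 0x4F54544F, 0x74727565}


def parse_table_directory(data: bytes) -> dict:
    """Return {tag: (offset, length)} from an sfnt table directory.

    Raises ValueError on a truncated header, unknown version, or a record
    whose offset/length points outside the file, so callers never trust
    a malformed directory.
    """
    if len(data) < 12:
        raise ValueError("too short for an sfnt header")
    sfnt_version, num_tables = struct.unpack(">IH", data[:6])
    if sfnt_version not in SFNT_VERSIONS:
        raise ValueError(f"unknown sfnt version 0x{sfnt_version:08x}")
    tables = {}
    for i in range(num_tables):
        rec = data[12 + 16 * i : 12 + 16 * (i + 1)]
        if len(rec) != 16:
            raise ValueError("table directory truncated")
        tag, _checksum, offset, length = struct.unpack(">4sIII", rec)
        if offset + length > len(data):
            raise ValueError(f"table {tag!r} extends past end of file")
        tables[tag] = (offset, length)
    return tables


def variation_tables(data: bytes) -> set:
    """Variation table tags present; a non-empty set means the font exercises
    the variable-font parsing path and deserves closer review on unpatched devices."""
    return set(parse_table_directory(data)) & VARIATION_TAGS


def build_font(tags: list) -> bytes:
    """Constructed sample input: a minimal sfnt blob with empty tables of the given tags."""
    header = struct.pack(">IHHHH", 0x00010000, len(tags), 0, 0, 0)
    end = 12 + 16 * len(tags)
    records = b"".join(struct.pack(">4sIII", t, 0, end, 0) for t in tags)
    return header + records
```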
More Fixes in the May 2025 Security Bulletin
Besides CVE-2025-27363, the update includes patches for:
- 8 additional vulnerabilities in the Android System
- 15 flaws in the Framework module
- Exploitation risks: Privilege Escalation, Information Disclosure, and Denial-of-Service
What Should Android Users Do?
Google strongly encourages users to update their Android devices immediately. With each new Android version, enhanced security measures reduce the risk of exploitation.
Steps to stay protected:
- ✔️ Install the latest Android security patches
- ✔️ Keep your device updated with the latest OS version
- ✔️ Enable automatic updates if available
“We encourage all users to update to the latest version of Android where possible,” Google said in its bulletin.
Final Thoughts
Security flaws like CVE-2025-27363 demonstrate the ongoing need for timely updates. If you're running an Android device, check for updates now to protect yourself from potential threats.