For all mobile enthusiasts, there’s an essential update from Google regarding its May 2025 security bulletin. This month’s update addresses an impressive 46 security vulnerabilities in Android, underscoring the constant need for digital protection.

However, it’s important to note that among these vulnerabilities, one has already been exploited. A particular fix in this update stands out due to its severity.

Google has confirmed that a security flaw identified as CVE-2025-27363 has been actively exploited in the wild. This vulnerability has a CVSS severity score of 8.1, categorizing it as high risk.

It originates from the “System” component of Android and poses a significant threat, allowing for local code execution without requiring special permissions. In simpler terms, an attacker could exploit this flaw to execute malicious code on your device without any need for user interaction.

Interestingly, this vulnerability was initially disclosed by Meta, the parent company of Facebook, back in March 2025. Meta had noted that it was being exploited at that time.

The issue is associated with a specific open-source font rendering library called FreeType, which has now been addressed in the latest update by incorporating newer versions beyond 2.13.0. While the specifics of the attacks remain classified, Google did mention that there are signs indicating limited and targeted exploitation of this vulnerability.

In addition to addressing this critical flaw, Google’s May update includes fixes for eight additional vulnerabilities in the core Android system, along with 15 more in the Framework module. These fixes are designed to mitigate risks such as privilege escalation, information disclosure, and denial of service, enhancing the overall security of Android devices.