In its May 2025 Android Security Bulletin, Google addressed 47 distinct flaws in the Android platform, including one zero-day vulnerability (CVE-2025-27363) that is actively exploited in the wild. The critical issue resides in the FreeType font library, which millions of devices use to render text. A specially crafted TrueType GX or variable font file can trigger an out-of-bounds write, allowing an attacker to run arbitrary code at the system level without any user interaction. Facebook first flagged the exploit in March, warning that threat actors may already have weaponized it. The vulnerability affects all Android versions that embed vulnerable FreeType releases prior to 2.13.0, and devices remain exposed until they receive the May update. Google notified OEM partners at least one month before public disclosure, but patch availability will vary by brand and model. Users are strongly advised to install the May 5, 2025 (or later) security update as soon as it appears on their device and to run active anti-malware protection to guard against potential attacks leveraging this flaw.
"id": "goo1045050625",
"linkid": "google",
"type": "Vulnerability",
"date": "5/2025",
"severity": "25",
"impact": "1",
"explanation": "Attack without any consequences"