Google on Monday started rolling out a fresh security update for Android phones, with fixes for roughly 50 vulnerabilities, including a bug exploited in the wild.
Resolved in the first part of the update, which arrives on devices as the 2025-05-01 security patch level, the exploited flaw is tracked as CVE-2025-27363 (CVSS score of 8.1) and impacts the FreeType software development library.
The issue is described as an out-of-bounds write in versions of the open source rendering engine up to and including 2.13.0 that could lead to arbitrary code execution.
“There are indications that CVE-2025-27363 may be under limited, targeted exploitation,” Google notes in Android’s May 2025 security bulletin.
The internet giant rolled out patches for the bug roughly two months after Facebook parent company Meta warned that it had been exploited as a zero-day, urging organizations to update to FreeType version 2.13.3 or later.
There does not appear to be any public information regarding the attacks exploiting CVE-2025-27363.
Android’s 2025-05-01 security patch level resolves a total of 24 high-severity vulnerabilities in the Framework and System components, most of which could be exploited for elevation of privilege.
The second part of this month’s update arrives on devices as the 2025-05-05 security patch level and resolves 22 flaws in Imagination Technologies, Arm, MediaTek, and Qualcomm components. It also updates the Linux Kernel LTS (long-term support) version.
Google’s advisory also mentions four security defects in Project Mainline components that have been resolved with Google Play system updates.
Android devices running a security patch level of 2025-05-05 include fixes for all the vulnerabilities addressed with the May 2025 update and previous monthly updates.
This month’s update for Automotive OS includes the fixes covered by the Android May 2025 security bulletin, but no security patches specific to this platform.
In addition to Android’s May 2025 patches, the update for Wear OS resolves four platform-specific bugs that could lead to elevation of privilege or denial of service.