Google addresses six vulnerabilities in August’s Android security update

Google addressed six vulnerabilities affecting Android devices in its August security update, marking a months-long lull in the number of software defects disclosed and patched in the mobile operating system this summer.

The company issued no security patches in its update last month. Yet, monthly Android security bulletins typically address dozens of vulnerabilities. Google’s Android security update covered 34 vulnerabilities in June, 47 defects in May, 62 in April and 43 in March.

The summer break suggests Android partners and customers have experienced a temporary respite from a larger pool of vulnerabilities. Google notifies Android partners of all software defects affecting the mobile operating system at least a month before public disclosure.

Google said the most severe defect in this month’s security update — CVE-2025-48530 — is a critical remote code execution vulnerability in the Android system that doesn’t require user interaction or additional execution privileges for exploitation. 

The advisory also addressed two high-severity vulnerabilities — CVE-2025-22441 and CVE-2025-48533 — affecting the Android framework. Google said user interaction and additional privileges aren’t required to exploit the elevation of privilege defects.

None of the vulnerabilities addressed in this month’s security update are under active exploitation, according to Google. The company hasn’t included an actively exploited defect in its monthly batch of patches since May.

The Android security update contains two patch levels — 2025-08-01 and 2025-08-05 — allowing Android partners to address common vulnerabilities on different devices.

The second patch includes fixes for a high-severity vulnerability affecting Arm components and two vulnerabilities in Qualcomm components.

Third-party Android device manufacturers release security patches on their own schedule after they’ve customized operating system updates for their specific hardware.

Google said source code patches for all six vulnerabilities addressed in this month’s security update will be released to the Android Open Source Project repository by Wednesday.