Google has started rolling out its May 2025 Android security update, and it includes a fix for a critical vulnerability actively used in attacks. The flaw—tracked as CVE-2025-27363—was found in FreeType, an open-source text rendering engine.
This bug, found in FreeType versions up to 2.13.0, allows attackers to write outside the expected memory range. That flaw can open the door to remote code execution, giving attackers full control over a device. Google confirmed that it has seen this vulnerability exploited in the wild.
Meta first raised the alarm two months ago. The company urged developers to update to FreeType 2.13.3 or higher, warning that the flaw had already been used in targeted attacks. While exact details remain private, the urgency behind this patch is clear.
The fix appears in the 2025-05-01 Android security patch. Alongside it, Google patched 24 other high-severity flaws across Android’s Framework and System. Many of those bugs could allow attackers to gain elevated access to user devices.
A second patch, listed under 2025-05-05, targets problems in hardware components from Qualcomm, MediaTek, Arm, and Imagination Technologies. This patch also includes updates to the Linux Kernel’s long-term support version, making Android more secure at its core.
Google has also updated Project Mainline, which delivers four key fixes through Google Play. This method lets users get essential updates without waiting for full OS upgrades.
If your Android device runs the 2025-05-05 patch, you’re covered. This patch includes all fixes from both May and previous months. Wear OS devices also received four unique updates this cycle. These patches fix issues that could cause privilege escalation or denial-of-service bugs. Meanwhile, Android Automotive OS got all the core updates, though no specific security issues were noted.
Security updates like this are vital. They fix hidden flaws before attackers can do more damage. Android users should check for updates and install them as soon as possible.
