Google Issues Critical Patch for Actively Exploited Android Vulnerability CVE-2025-27363 

• A critical zero-day vulnerability in Android is under active exploitation, Google said.
• However, a fix was made available in the tech giant’s latest security report, and users are urged to apply the patch.
• The security flaw allows remote code execution through specially crafted payloads.

Google has released an urgent security update to address a critical zero-day flaw in Android (CVE-2025-27363) currently being actively exploited by attackers. All Android users are strongly advised to apply the patch immediately to protect their devices and sensitive data.  

The flaw, assigned as CVE-2025-27363, enables attackers to execute remote code through specially crafted payloads, potentially leading to full device compromise. 

Exploitation of this vulnerability has already been observed in targeted campaigns, freeing attackers to access private data, install malicious software, and even take control of infected devices.  

Google’s latest security bulletin, tied to May 2025’s Android Security Update, includes a fix for CVE-2025-27363. Devices supporting these updates include those running Android 12 and newer versions. 

Many affected devices will receive Over-The-Air (OTA) updates automatically; users can manually check for updates via their device settings under "System Update."  

Devices from manufacturers such as Samsung, OnePlus, and Xiaomi may see a slight delay in patch availability, as these updates often require vendor-specific modifications and testing.  

To minimize risk and secure your devices, Google recommends the following steps:

• Update immediately: Navigate to Settings > System > System Update to ensure your device is running the latest version.  
• Download apps carefully: Install applications only from trusted sources, such as the Google Play Store, to reduce exposure to malicious software.  
• Enable Google Play Protect: Regularly enable and review Google Play Protect’s settings, Android's built-in protection against harmful apps.  
• Stay vigilant: Avoid clicking on suspicious links or downloading unsolicited attachments to limit exposure to malicious payloads utilizing this vulnerability. 

This critical vulnerability affects a broad range of Android devices running unpatched versions of the operating system. Details on specific attack vectors or affected models have not been disclosed to prevent further exploitation, although experts are cautioning that the flaw provides a significant gateway for cybercriminals.