Google has released the September 2025 security update for Android devices, addressing a total of 84 vulnerabilities, including two actively exploited flaws.

The two flaws that were detected as exploited in zero-day attacks are CVE-2025–38352, an elevation of privilege in the Android kernel, and CVE-2025–48543, also an elevation of privilege problem in the Android Runtime component.

Google noted in its bulletin that there are indications that those two flaws may be under limited, targeted exploitation, without sharing any more details.