- Android OS patch levels prior to 2025-09-05
- Large and medium government entities: High
- Small government entities: Medium
- Large and medium business entities: High
- Small business entities: Medium
- A vulnerability in System that could allow for remote code execution. (CVE-2025-48539)
- A vulnerability in Android Runtime that could allow for elevation of privilege. (CVE-2025-48543)
- Multiple vulnerabilities in Framework that could allow for elevation of privilege. (CVE-2025-0089, CVE-2025-32324, CVE-2025-32325, CVE-2025-32331, CVE-2025-32349, CVE-2025-32350, CVE-2025-48522, CVE-2025-48528, CVE-2025-48540, CVE-2025-48546, CVE-2025-48548, CVE-2025-48549, CVE-2025-48552, CVE-2025-48553, CVE-2025-48556, CVE-2025-48558, CVE-2025-48563)
- Multiple vulnerabilities in Framework that could allow for information disclosure. (CVE-2025-0076, CVE-2025-32330, CVE-2025-48529, CVE-2025-48537, CVE-2025-48545, CVE-2025-48561, CVE-2025-48562)
- Multiple vulnerabilities in Framework that could allow for denial of service. (CVE-2025-48538, CVE-2025-48542, CVE-2025-48550, CVE-2025-48554, CVE-2025-48559)
- Multiple vulnerabilities in System that could allow for elevation of privilege. (CVE-2021-39810, CVE-2023-24023, CVE-2024-49714, CVE-2025-26454, CVE-2025-26464, CVE-2025-32321, CVE-2025-32323, CVE-2025-32326, CVE-2025-32327, CVE-2025-32333, CVE-2025-32345, CVE-2025-32346, CVE-2025-32347, CVE-2025-48523, CVE-2025-48526, CVE-2025-48531, CVE-2025-48532, CVE-2025-48535, CVE-2025-48541, CVE-2025-48544, CVE-2025-48547, CVE-2025-48581)
- Multiple vulnerabilities in System that could allow for information disclosure. (CVE-2025-48527, CVE-2025-48551, CVE-2025-48560)
- Multiple vulnerabilities in System that could allow for denial of service. (CVE-2025-48524, CVE-2025-48534)
- Multiple vulnerabilities in Kernel could allow for elevation of privileges. (CVE-2025-21755, CVE-2025-38352)
- A vulnerability in Widevine DRM. (CVE-2025-32332)
- Multiple vulnerabilities in Arm components. (CVE-2024-7881, CVE-2025-1246, CVE-2025-3212)
- Multiple vulnerabilities in Imagination Technologies. (CVE-2024-47898, CVE-2024-47899, CVE-2025-0467, CVE-2025-1706, CVE-2025-8109, CVE-2025-25179, CVE-2025-25180, CVE-2025-46707, CVE-2025-46708, CVE-2025-46710)
- Multiple vulnerabilities in MediaTek components. (CVE-2025-20696, CVE-2025-20704, CVE-2025-20708, CVE-2025-20703)
- Multiple vulnerabilities in Qualcomm components. (CVE-2025-27042, CVE-2025-27043, CVE-2025-27056, CVE-2025-27057, CVE-2025-27061)
- Multiple vulnerabilities in Qualcomm closed-source components. (CVE-2025-21450, CVE-2025-21483, CVE-2025-27034, CVE-2025-21427, CVE-2025-21432, CVE-2025-21433, CVE-2025-21446, CVE-2025-21449, CVE-2025-21454, CVE-2025-21464, CVE-2025-21465, CVE-2025-21477, CVE-2025-21481, CVE-2025-21482, CVE-2025-21484, CVE-2025-21487, CVE-2025-21488, CVE-2025-27032, CVE-2025-27052, CVE-2025-27065, CVE-2025-27066, CVE-2025-27073, CVE-2025-47317, CVE-2025-47318, CVE-2025-47326, CVE-2025-47328, CVE-2025-47329)
- Apply appropriate patches provided by Google to vulnerable systems, immediately after appropriate testing. (M1051: Update Software)
- Safeguard 7.1: Establish and Maintain a Vulnerability Management Process: Establish and maintain a documented vulnerability management process for enterprise assets. Review and update documentation annually, or when significant enterprise changes occur that could impact this Safeguard.
- Safeguard 7.4: Perform Automated Application Patch Management: Perform application updates on enterprise assets through automated patch management on a monthly, or more frequent, basis.
- Safeguard 7.5: Perform Automated Vulnerability Scans of Internal Enterprise Assets: Perform automated vulnerability scans of internal enterprise assets on a quarterly, or more frequent, basis. Conduct both authenticated and unauthenticated scans, using a SCAP-compliant vulnerability scanning tool.
- Remind users not to visit un-trusted websites or follow links provided by unknown or un-trusted sources. Inform and educate users regarding threats posed by hypertext links contained in emails or attachments, especially from un-trusted sources. (M1017: User Training)
- Use capabilities to detect and block conditions that may lead to or be indicative of a software exploit occurring. (M1050: Exploit Protection)
- Safeguard 10.5: Enable Anti-Exploitation Features: Enable anti-exploitation features on enterprise assets and software, where possible, such as Apple® System Integrity Protection (SIP) and Gatekeeper™.
REFERENCES:
Google: https://source.android.com/<wbr />docs/security/bulletin/2025-<wbr />09-01#Google-Play-system-<wbr />updates CVE: https://cve.mitre.org/cgi-bin/<wbr />cvename.cgi?name=CVE-2021-<wbr />39810 https://cve.mitre.org/cgi-bin/<wbr />cvename.cgi?name=CVE-2023-<wbr />24023 https://cve.mitre.org/cgi-bin/<wbr />cvename.cgi?name=CVE-2024-7881
