Actively exploited FreeType flaw fixed in Android (CVE-2025-27363)
Google has released fixes for a bucketload of Android security vulnerabilities, including a FreeType flaw (CVE-2025-27363) that “may be under limited, targeted exploitation.”
About CVE-2025-27363
CVE-2025-27363 is an out-of-bounds write vulnerability in FreeType, the open-source library that parses font files and rasterizes their glyphs for display. It is embedded in many platforms and applications, including Android, iOS, macOS, and Linux.
FreeType has been the source of multiple security vulnerabilities over the years, most of them memory-safety bugs triggered by malformed font files.
CVE-2025-27363 affects FreeType versions 0.0.0 through 2.13.0 (2.13.1 and later are not affected) and was flagged by Facebook in March 2025 as possibly exploited in the wild.
The bug is triggered when a vulnerable version of the library parses font subglyph structures related to TrueType GX and variable font files.
“The vulnerable code assigns a signed short value to an unsigned long and then adds a static value causing it to wrap around and allocate too small of a heap buffer. The code then writes up to 6 signed long integers out of bounds relative to this buffer. This may result in arbitrary code execution,” the company explained.
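To make the arithmetic in that description concrete, here is a small C model written for this article. It is not FreeType's code and does not reproduce the actual parser; the count name, the constant EXTRA_SLOTS and the 6-long write are assumptions chosen to mirror the advisory's wording. It shows how a signed 16-bit count taken from a font, widened to unsigned long and then increased by a fixed amount, wraps to a tiny allocation size, and how an explicit sign check before widening stops it.

```c
#include <limits.h>
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical constant standing in for the "static value" the advisory mentions. */
#define EXTRA_SLOTS 4UL

/*
 * Vulnerable size computation (modelled, not FreeType's real code):
 * a negative 16-bit count from the font is sign-extended into an unsigned long,
 * e.g. -4 becomes ULONG_MAX - 3, and adding EXTRA_SLOTS wraps it to 0.
 * The caller would then allocate 0 slots and still write into the buffer.
 */
unsigned long vulnerable_slot_count(short count_from_font)
{
    unsigned long n = (unsigned long)count_from_font; /* sign-extended */
    return n + EXTRA_SLOTS;                           /* may wrap around */
}

/*
 * Hardened version: reject a negative count before widening it and check the
 * addition explicitly. Returns the slot count, or 0 to signal a malformed font
 * (a valid result is never smaller than EXTRA_SLOTS, so 0 is unambiguous).
 */
unsigned long safe_slot_count(short count_from_font)
{
    if (count_from_font < 0)
        return 0;                       /* a point count cannot be negative */
    unsigned long n = (unsigned long)count_from_font;
    if (n > ULONG_MAX - EXTRA_SLOTS)
        return 0;                       /* unreachable for a short, kept explicit */
    return n + EXTRA_SLOTS;
}

/*
 * How many of `writes` long values would land past the end of a buffer sized by
 * the vulnerable computation. With a count of -4 the buffer has 0 slots, so all
 * 6 writes from the advisory's description are out of bounds.
 */
unsigned long overflow_longs(short count_from_font, unsigned long writes)
{
    unsigned long slots = vulnerable_slot_count(count_from_font);
    return writes > slots ? writes - slots : 0;
}

int main(void)
{
    /* Constructed sample counts: a benign one and several malicious negatives. */
    short counts[] = { 10, 0, -1, -4, -6 };
    for (size_t i = 0; i < sizeof counts / sizeof counts[0]; i++) {
        unsigned long slots = vulnerable_slot_count(counts[i]);
        unsigned long safe  = safe_slot_count(counts[i]);
        printf("count=%4d  vulnerable slots=%20lu  (%lu of 6 longs written OOB)  hardened: %s\n",
               counts[i], slots, overflow_longs(counts[i], 6),
               safe ? "ok" : "rejected as malformed");
    }
    return 0;
}
```

The same wrap happens whether unsigned long is 32 or 64 bits, because the sign extension fills the whole width; the fix is to validate the signed value in its original type rather than reasoning about the widened one.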
Facebook and Google did not share any additional details about the attacks. Google only said that the vulnerability could lead to local code execution with no additional execution privileges needed and no user interaction required, which is why it is described as exploitable in “zero-click” attacks.
As Malwarebytes’ Pieter Arntz noted, “it’s reasonable to assume that simply opening a document or app containing a malicious font could compromise your device.”
Update your Android device(s)
As usual, the May 2025 Android Security Bulletin includes two security patch levels: the first (2025-05-01) addresses vulnerabilities in the Android platform itself, and the second (2025-05-05) addresses those plus vulnerabilities specific to certain hardware components or manufacturers, such as Qualcomm, MediaTek, and Arm.
This dual patch level system gives device manufacturers flexibility in integrating and deploying updates. They are notified of the issues in advance, but they sometimes lag in pushing out patches for their Android-based devices.
Fixes for the 40+ vulnerabilities addressed in the bulletin, including CVE-2025-27363, have been provided for Android versions 13, 14, and 15.
Android users should check whether updates are available for their device and install them; once patched, the security patch level shown in the device's settings (also exposed as the ro.build.version.security_patch system property) should read 2025-05-01 or later.