September 2025: Google fixes 120 Android vulnerabilities, including 2 zero-days

At the beginning of September 2025, Google released its monthly Android security update. And this time, the numbers are striking: a total of 120 vulnerabilities, compared to only 6 last month. Among them, two zero-day vulnerabilities had already been exploited by cybercriminals before the fix was made available.

A Massive and Critical Patch

Among the 120 vulnerabilities patched, two are particularly concerning because they were already being actively exploited at the time of the patch:

• CVE-2025-38352: a flaw in the Android system allowing a malicious application to gain more privileges than intended
• CVE-2025-48543: a vulnerability in the Android runtime, allowing system protections to be bypassed

These two vulnerabilities can be seen as true entry points, giving cybercriminals the ability to escalate privileges and override the security mechanisms meant to protect data.

Beyond these two critical flaws, the September patch also addresses numerous other vulnerabilities in the Android system and in chips from manufacturers such as Qualcomm and MediaTek. Notably, a Remote Code Execution (RCE) vulnerability was fixed in the System component, which could have allowed a cybercriminal to take full remote control of a device.

Why Businesses Should Care

Today, smartphones are true work tools: professional messaging, access to business applications, sharing of sensitive documents… When an Android zero-day vulnerability is exploited, organizational data and security are directly at risk.

Two major challenges aggravate the situation:

• Android fragmentation: not all devices receive updates at the same time, leaving some exposed longer
• BYOD (Bring Your Own Device): many employees use their personal phones, with no guarantee they are up to date

Protection Beyond Updates

Installing the September patch is essential. But between the discovery of a vulnerability and the release of a patch, there is always a window of exposure during which cybercriminals can exploit zero-days. Moreover, not all devices receive updates at the same time, especially in BYOD environments.

The Pradeo Mobile Threat Defense (MTD) solution provides continuous protection by:

• Detecting suspicious behaviors in real time related to vulnerability exploitation
• Automatically blocking malicious applications or connections
• Offering security teams clear visibility into each device’s status and patch level
• Protecting sensitive data even in hybrid or BYOD environments

The leap from 6 vulnerabilities fixed in August to 120 in September is a strong warning. To counter fast-evolving and sophisticated threats, businesses need mobile solutions that continuously detect, block, and protect. With Pradeo, they remain one step ahead of cybercriminals.