Google addresses one actively exploited vulnerability in May’s Android security update
Google addressed 47 vulnerabilities affecting Android devices in its May security update, including an actively exploited software defect that was first disclosed in March. Google said the high-severity vulnerability, CVE-2025-27363, “may be under limited, targeted exploitation.”
The out-of-bounds write defect in FreeType versions 2.13.0 and below may result in arbitrary code execution, Facebook said in March when, acting in its capacity as a CVE numbering authority, it disclosed the vulnerability in a security advisory. The vulnerability has a base score of 8.1 on the CVSS scale and is still awaiting further assessment by the National Institute of Standards and Technology’s National Vulnerability Database program.
Read more at CyberScoop