Google’s March 2025 Android Security Update Patches Two Actively Exploited Flaws

Google has released the March 2025 Android Security Bulletin, addressing 44 vulnerabilities, including two that have been actively exploited in the wild.

The two high-severity flaws are:

• CVE-2024-43093 – A privilege escalation vulnerability in the Framework component that allows unauthorized access to directories such as “Android/data,” “Android/obb,” and “Android/sandbox,” along with their subdirectories.
• CVE-2024-50302 – A privilege escalation flaw in the HID USB component of the Linux kernel that could expose uninitialized kernel memory to a local attacker via specially crafted HID reports.

Notably, Google previously flagged CVE-2024-43093 as actively exploited in its November 2024 security advisory. However, the reason for its reissuance remains unclear.

Meanwhile, CVE-2024-50302 is linked to a zero-day exploit used by Cellebrite to compromise the Android phone of a Serbian youth activist in December 2024. The exploit combined CVE-2024-50302 with two other Linux kernel flaws—CVE-2024-53104 and CVE-2024-53197—to escalate privileges and likely deploy the Android spyware NoviSpy.

All three kernel vulnerabilities were patched late last year, with CVE-2024-53104 receiving an Android fix last month.

In its advisory, Google acknowledged that CVE-2024-43093 and CVE-2024-50302 have been subjected to “limited, targeted exploitation.”

To help Android partners quickly mitigate common vulnerabilities across devices, Google has released two security patch levels: 2025-03-01 and 2025-03-05.