![Android Security Bulletin](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiHIAcN3jjm7tKVj2V___A2vsIW9HTkc03rzvpbX3k-5qQKx90bwUqxEsNyksgIr9wCqHjW7cW2KnczDqkbM1fQaezh2eoC-xw-LiwkE6Nf_1jcZiNTItwg7_RK7TThEvTBw6okcfHqdjaZi6Tjz5bzFLTDsPhHzvErk0dHmZVHLpuAp_7SACOPpLgZHBc/s16000-rw/Android%20Security%20Bulletin.webp)
Google has released its latest Android Security Bulletin for February 2025, addressing multiple high-severity vulnerabilities across various Android components, including a critical security flaw in Qualcomm's WLAN module.
The bulletin, which introduces two security patch levels (2025-02-01 and 2025-02-05), highlights a particularly concerning vulnerability, CVE-2024-53104 (CVSS score: 7.8) in the Framework component that could enable local privilege escalation without requiring additional execution privileges.
It's a heap buffer overflow in a Linux kernel USB peripheral driver that Linux has already patched. Google notes there are indications this vulnerability "may be under limited, targeted exploitation."
The most severe issue addressed in this update is a critical vulnerability (CVE-2024-45569) affecting Qualcomm's WLAN component. This vulnerability has received the highest severity rating in the bulletin, emphasizing the importance of prompt patching for affected devices.
The Framework component updates include eight high-severity elevation of privilege (EoP) vulnerabilities and multiple information disclosure issues affecting Android versions 12 through 15. The System component patches address three high-severity EoP vulnerabilities, with one (CVE-2025-0096) specifically affecting Android 15 devices.
Android Security Vulnerabilities - February 2025
CVE ID | Component | Severity | Type | Impact | Affected Versions/Notes |
---|---|---|---|---|---|
CVE-2024-45569 | Qualcomm WLAN | Critical | RCE | Remote code execution | All supported versions |
CVE-2024-49721 | Framework | High | EoP | Local privilege escalation | Android 12, 12L, 13 |
CVE-2024-49743 | Framework | High | EoP | Local privilege escalation | Android 12, 12L, 13, 14, 15 |
CVE-2024-49746 | Framework | High | EoP | Local privilege escalation | Android 12, 12L, 13, 14, 15 |
CVE-2025-0097 | Framework | High | EoP | Local privilege escalation | Android 15 |
CVE-2025-0098 | Framework | High | EoP | Local privilege escalation | Android 15 |
CVE-2025-0099 | Framework | High | EoP | Local privilege escalation | Android 15 |
CVE-2024-53104 | Kernel UVC | High | EoP | Local privilege escalation | Under limited exploitation |
CVE-2025-0094 | Platform | High | EoP | Local privilege escalation | Android 12, 12L, 13, 14, 15 |
CVE-2025-0091 | System | High | EoP | Local privilege escalation | Android 12, 12L, 13, 14, 15 |
CVE-2025-0095 | System | High | EoP | Local privilege escalation | Android 14, 15 |
CVE-2025-0096 | System | High | EoP | Local privilege escalation | Android 15 |
CVE-2025-0015 | ARM Mali | High | EoP | Local privilege escalation | GPU Components |
CVE-2024-39441 | Unisoc | High | EoP | Local privilege escalation | Android Component |
CVE-2025-20634 | MediaTek | High | EoP | Local privilege escalation | Modem Component |
CVE-2023-40122 | Framework | High | ID | Information disclosure | Android 12, 12L, 13, 14, 15 |
CVE-2024-49723 | System | High | ID | Information disclosure | Android 15 |
CVE-2024-49729 | System | High | ID | Information disclosure | Android 12, 12L, 13, 14, 15 |
CVE-2024-49741 | Framework | High | DoS | Denial of service | Android 12, 12L, 13, 14, 15 |
Additionally, the bulletin includes fixes for vulnerabilities in vendor-specific components from MediaTek, Unisoc, and Imagination Technologies. Of particular note is a high-severity vulnerability (CVE-2025-0015) affecting Arm's Mali GPU components.
Google emphasizes the role of platform and service mitigations in reducing exploitation risks: "Exploitation for many issues on Android is made more difficult by enhancements in newer versions of the Android platform. We encourage all users to update to the latest version of Android where possible."
The security update is being rolled out through two patch levels: devices receiving the 2025-02-01 patch level will get fixes for the Framework and System components.
In contrast, the 2025-02-05 patch level includes additional vendor-specific security patches. Google Play Protect, enabled by default on devices with Google Mobile Services, provides an additional layer of security, particularly for users who install apps from outside the Google Play Store.
Device manufacturers must notify users as these security patches become available for specific device models.
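An added example, not part of the original article or Google's bulletin: given a device's Android version and the patch level string it reports in `ro.build.version.security_patch`, this Python function lists which CVEs from the table above are still uncovered. The name `unpatched` is hypothetical, and because the article does not say which patch level carries the Kernel UVC and Platform rows, they are assumed to need 2025-02-05.

```python
from datetime import date

# Page states: 2025-02-01 carries Framework and System fixes; 2025-02-05 adds
# vendor-specific patches. Assumption: Kernel and Platform rows are treated
# conservatively as needing 2025-02-05, since the page does not say.
BASE_LEVEL, FULL_LEVEL = date(2025, 2, 1), date(2025, 2, 5)
BASE_COMPONENTS = {"Framework", "System"}
V12_15 = {"12", "12L", "13", "14", "15"}

# (CVE, component, affected Android versions) copied from the table above;
# None means the table lists no version scope, so every version is in scope.
BULLETIN = [
    ("CVE-2024-45569", "Qualcomm WLAN", None),
    ("CVE-2024-49721", "Framework", {"12", "12L", "13"}),
    ("CVE-2024-49743", "Framework", V12_15),
    ("CVE-2024-49746", "Framework", V12_15),
    ("CVE-2025-0097", "Framework", {"15"}),
    ("CVE-2025-0098", "Framework", {"15"}),
    ("CVE-2025-0099", "Framework", {"15"}),
    ("CVE-2024-53104", "Kernel UVC", None),
    ("CVE-2025-0094", "Platform", V12_15),
    ("CVE-2025-0091", "System", V12_15),
    ("CVE-2025-0095", "System", {"14", "15"}),
    ("CVE-2025-0096", "System", {"15"}),
    ("CVE-2025-0015", "ARM Mali", None),
    ("CVE-2024-39441", "Unisoc", None),
    ("CVE-2025-20634", "MediaTek", None),
    ("CVE-2023-40122", "Framework", V12_15),
    ("CVE-2024-49723", "System", {"15"}),
    ("CVE-2024-49729", "System", V12_15),
    ("CVE-2024-49741", "Framework", V12_15),
]

def unpatched(android_version: str, patch_level: str) -> list[str]:
    """Return bulletin CVEs not covered by a device's reported patch level.

    patch_level is a YYYY-MM-DD string; malformed values raise ValueError.
    """
    level = date.fromisoformat(patch_level.strip())
    missing = []
    for cve, component, versions in BULLETIN:
        if versions is not None and android_version not in versions:
            continue  # table does not list this Android version as affected
        needed = BASE_LEVEL if component in BASE_COMPONENTS else FULL_LEVEL
        if level < needed:
            missing.append(cve)
    return missing
```

Vendor rows are reported for every device because the table gives them no version scope, so a real inventory check should also filter by chipset.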