Sheejith's Personal Site

Google Confirms Android Attacks—No Fix For 1 Billion Phones

Google has issued a critical warning for all Android users, confirming that two separate vulnerabilities have been exploited in the wild. Such is the seriousness of this month's security update that Google will quickly fix all eligible Pixel devices.

The two high-severity vulnerabilities that have been exploited — CVE-2025-38352 and CVE-2025-48543 — affect the Android Kernel and Android Runtime respectively. As ever, Google has not issued any material detail at this early stage.

There are also four other critical fixes — CVE-2025-48539, CVE-2025-21450, CVE-2025-21483 and CVE-2025-27034. The first is an Android System issue, whilst the other three relate to Qualcomm chipsets and the release of manufacturer fixes.

Google says CVE-2025-48543 and CVE-2025-38352 are deeply concerning, and both “could lead to local escalation of privilege with no additional execution privileges needed.” More alarmingly, “user interaction is not needed for exploitation.”

Posted on: 9/6/2025 12:58:15 PM

