Android のセキュリティに関する公開情報 - 2025 年 9 月

https://source.android.com/docs/security/bulletin/2025-09-01?hl=ja (09/04)

『注: 以下に示す CVE は限定的な標的型攻撃の対象であるという兆候があります。

• CVE-2025-38352
• CVE-2025-48543

』

 

すでにKEVカタログにも載っている　↓

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2025-38352 (09/04)

『Linux Kernel Time-of-Check Time-of-Use (TOCTOU) Race Condition Vulnerability:

Linux kernel contains a time-of-check time-of-use (TOCTOU) race condition vulnerability that has a high impact on confidentiality, integrity, and availability.

』

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2025-48543 (09/04)

『Android Runtime Use-After-Free Vulnerability:

Android Runtime contains a use-after-free vulnerability potentially allowing a chrome sandbox escape leading to local privilege escalation.

』