CVE-2025-27038

Exploited in the Wild ✓ Confirmed 0-Day ★ Google Project Zero

Triaged: March 3, 2026 5 articles

VulnLookup ↗ NVD ↗ MITRE ↗ Advisory ↗ P0 Sheet ↗ CISA KEV ↗

EPSS Score

Source: FIRST.org · 2026-05-24

1.37%

probability

This CVE has a 1.37% probability of being exploited in the next 30 days.

0% Top 80.4th percentile of all CVEs 100%

CVSS score unavailable

Neither CIRCL nor NVD returned a CVSS score for this CVE. View on VulnerabilityLookup ↗

Description

Project Zero

UAF

Attack Intelligence

CWE-118 · Incorrect Access of Indexable Resource ('Range Error') CWE-119 · Buffer Overflow CWE-416 · Use After Free CWE-664 · Improper Control of a Resource Through its Lifetime CWE-666 · Operation on Resource in Wrong Phase of Lifetime CWE-672 · Operation on a Resource after Expiration or Release CWE-825 · Expired Pointer Dereference

Google Project Zero

Patched

June 2, 2025

Reported by

Google Threat Analysis Group

Root Cause Analysis

???

Android Security Alert: Google Patches 120 Flaws, Including Two Zero-Days Under Attack

TheHackerNews

Google’s August Patch Fixes Two Qualcomm Vulnerabilities Exploited in the Wild

TheHackerNews

Android gets patches for Qualcomm flaws exploited in attacks

BleepingComputer Aug 05, 2025

Qualcomm fixes three Adreno GPU zero-days exploited in attacks

BleepingComputer Jun 02, 2025

Qualcomm Fixes 3 Zero-Days Used in Targeted Android Attacks via Adreno GPU

TheHackerNews

Signal Intelligence

Confidenceⓘ

—%

EPSS 1.37%

Mentions 5

Last Seen Aug 05, 2025

CNA Information

Triage Info

Decided atMar 03, 2026