On September 3, 2025, Samsung disclosed the details of its monthly security package for Galaxy devices, which combines Google’s Android patches with fixes specific to the One UI interface and is aimed at safeguarding users from critical and high-severity vulnerabilities in system components. Posted on the company’s official security blog, the information outlines 71 corrections applied to Android, featuring 2 critical flaws and 58 high-risk issues, plus 25 fixes tailored to One UI, affecting areas like contact management and permissions. This update, already embedded in One UI 8 beta versions for devices such as Galaxy S24 and Z Fold5, begins global rollout in the coming days, starting with flagships like the S25 series, where the stable One UI 8 version arrives later this month.
The update addresses risks of unauthorized access and exploitation, responding to reports of flaws dating back to December 2024, including SVE-2024-2288. Users in regions like South Korea, India, and the United States report download sizes ranging from 800 MB to 3 GB in recent betas, which emphasize stability and personal data protection.
General corrections in Android
The package incorporates Google’s monthly patch, addressing issues in the operating system’s core. Two critical vulnerabilities, which enable remote code execution in elevated-privilege scenarios, receive priority attention. Fifty-eight high-severity flaws complete the set, covering problems like out-of-bounds accesses and improper permission management in network and multimedia modules.
One of the fixes was already included in prior updates, while ten others do not apply directly to Galaxy devices due to Samsung’s specific configurations. Internal tests show these adjustments reduce known exploitation risks by up to 90 percent, based on global incident data from the past six months.
Older devices, such as the Galaxy Note20, also get variants of this patch, adapted for legacy hardware to ensure compatibility without performance hits.
Exclusive adjustments in One UI
Twenty-five corrections target Samsung’s proprietary interface, resolving flaws in native apps and system services. The fix for SVE-2024-2288, linked to CVE-2025-21032, addresses a medium-level vulnerability affecting One UI 6 and 7 that allows unauthorized access to data in contacts.
Other fixes include protections against out-of-bounds reads in apps like Samsung Notes and enhancements to access controls within the ContactProvider. The semiconductor division adds a fix for a medium-severity flaw, bolstering hardware components like Exynos processors.
These tweaks apply to devices running One UI 8 beta, where users notice stability improvements during tests on models like Galaxy A55 and S23 Ultra.
- Flaws in permission management within MARsExemptionManager.
- Protections against improper executions in One UI Home.
- Fixes for unauthorized accesses in location services.
- Adjustments in network modules to prevent data leaks.
Distribution and compatibility
The update rolls out in waves, starting in regions like South Korea and India, where One UI 8 betas already include the patch. Models like Galaxy S24 Ultra receive files around 930 MB, while variants for Z Flip6 reach 914 MB.
Compatibility spans from recent flagships to mid-range lines like Galaxy A36 and A54, with timelines varying by carrier and location. Beta program users access via software settings, with automatic notifications.
In updates for Galaxy Z Fold5, the size hits 3,207 MB, integrating not only security but also interface optimizations.

Detailed critical vulnerabilities
Two critical Android flaws get urgent fixes, focused on exploits that could compromise the system kernel. CVE-2025-48539 and CVE-2025-27034 highlight remote code risks, identified in joint security analyses between Google and Samsung.
These vulnerabilities mainly affect devices on unsecured networks, with patches designed to block common attack vectors. Reports indicate similar incidents occurred in less than 1 percent of global users over the last 12 months.
Integration with One UI ensures the fixes do not affect daily use, maintaining fluidity in tasks like multitasking.
- CVE-2025-48539: Remote execution with elevated privileges.
- CVE-2025-27034: Unauthorized access to kernel components.
- Preventive measures for public Wi-Fi networks.
- Blocks in susceptible multimedia modules.
High and moderate severity flaws
Fifty-eight high-severity Android vulnerabilities receive treatment, spanning areas like connectivity and media processing. Examples include CVE-2025-48543 and CVE-2025-0089, involving out-of-bounds writes in hardware drivers.
Ten moderate-severity corrections complement these, focusing on SVEs like SVE-2025-0012 (CVE-2025-21033), which resolves improper reads in native apps. Samsung Semiconductor adds a fix for CVE-2025-32100, a high-risk flaw, for integrated chips.
These adjustments raise the overall security score of devices, aligning with international certification standards.
Integration with One UI 8
Devices in the One UI 8 beta, based on Android 16, already feature the September patch, with versions like ZYHB distributed in countries such as the United States and United Kingdom. Beta updates for Galaxy S25 Ultra reach 832 MB, incorporating new interface tools.
The stable One UI 8 version, scheduled for September release on Galaxy S25, includes these fixes as standard, expanding to other models sequentially. Users report enhancements in features like Now Brief, added in recent betas.
The installation process requires a stable connection, with backups recommended to avoid data loss.
- Beta versions with sizes ranging from 800 to 3,000 MB.
- Inclusion of optimizations for foldables like Z Fold5.
- Support for A-series lines in emerging markets.
- Enhanced security features in native apps.
Semiconductor measures
Samsung’s semiconductor division contributes specific fixes for chips like Exynos, resolving medium-severity flaws that could impact performance in intensive tasks. The fix for CVE-2025-32100 focuses on protections against unauthorized access in processing modules.
These solutions integrate into the Galaxy ecosystem, ensuring compatibility with future 2 nm productions for the S26 line. Lab tests demonstrate risk reductions in thermal overload scenarios.
The unified approach between software and hardware strengthens device durability.
Update procedures
Users access the update through settings, checking availability manually. In betas, the process involves enrollment in the official Samsung program, with feedback collected for refinements.
Devices like Galaxy A35 receive 2,378 MB files, with quick installation on high-speed connections. Recommendations include charging the battery above 50 percent before starting.
Global distribution happens in phases, prioritizing regions with larger user bases.
- Manual verification in software settings.
- Enrollment in betas via Members app.
- Backups through Smart Switch for safety.
- Monitoring of push notifications.
Comparisons with previous patches
The September package exceeds August’s in correction volume, emphasizing critical flaws absent in prior months. Data shows Samsung’s monthly updates cover 95 percent of annually reported vulnerabilities.
Relative to Google, integrations add extra protection layers for specific hardware, like cameras and biometric sensors. Users of older lines, such as S21 FE, remain eligible for monthly patches.
This consistency positions Samsung ahead in support cycles, with up to seven years of updates for flagships.