Response from the developers:
We apply all patches, hence the security update date available in settings is always the real one. By using vanir tool on the latest /e/OS v3.0.4 build for FP6, we detected that we miss CVE-2025-22435, published in April 2025-04 Android Security Bulletin. We are working on fixing this issue for our next /e/OS release (/e/OS v3.1, expected early August).