Google has released critical security patches addressing two high-severity zero-day vulnerabilities in Android that are currently being exploited in limited, targeted attacks.
The vulnerabilities, disclosed in the December 2025 Android Security Bulletin, affect multiple Android versions and require immediate attention from device manufacturers and users.
Active Exploitation Confirmed
The two CVEs under active exploitation, CVE-2025-48633 and CVE-2025-48572, have been identified with evidence of real-world usage.
| CVE ID | Type | Severity | Affected Android Versions |
|---|---|---|---|
| CVE-2025-48633 | Information Disclosure | High | 13, 14, 15, 16 |
| CVE-2025-48572 | Elevation of Privilege (EoP) | High | 13, 14, 15, 16 |
Google’s security team flagged both vulnerabilities as having indications of limited, targeted exploitation in the wild.
These discoveries highlight the ongoing threat landscape where attackers quickly identify and weaponize newly disclosed Android vulnerabilities.
CVE-2025-48633, an information disclosure vulnerability in Android’s Framework component, has been rated as high severity and affects Android versions 13 through 16.
This vulnerability could allow attackers to access sensitive information without requiring elevated privileges, potentially exposing user data across millions of devices.
The second vulnerability, CVE-2025-48572, is a high-severity elevation-of-privilege (EoP) flaw.
This type of vulnerability is dangerous because it enables attackers to gain administrative control over affected devices.
Both vulnerabilities affect the same Android versions, 13, 14, 15, and 16, leaving a substantial portion of the Android ecosystem vulnerable until patches are applied.
The affected Framework and System components are fundamental to Android’s core functionality, indicating a significant potential for widespread impact.
Google announced that security patch levels dated December 5, 2025, or later address all disclosed issues.
Android partners received notification of these vulnerabilities at least one month before the public bulletin, allowing device manufacturers time to prepare patches.
Google has committed to releasing corresponding source code patches to the Android Open Source Project (AOSP) repository within 48 hours of the bulletin’s initial publication.
Users who install applications from outside Google Play should exercise extra caution, as threat actors may distribute malicious apps designed to exploit these vulnerabilities.
Keeping Android devices updated and avoiding sideloaded applications from untrusted sources remains the best defense.
Device owners should immediately check their security patch level and update their devices when patches become available.
The update process varies by device manufacturer and carrier, but most modern Android devices offer automatic updates.
Users can verify their current patch level in device settings under About Phone or System Updates.
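For anyone checking more than one device, the following added example (not from Google or the original article) applies the bulletin's threshold to an inventory of Android release and security patch level values. The inventory is constructed sample data, and the two values are assumed to come from the `ro.build.version.release` and `ro.build.version.security_patch` system properties (for instance via `adb shell getprop`).

```python
from datetime import date

# Values stated in the article: affected releases and the fixing patch level.
AFFECTED_RELEASES = {13, 14, 15, 16}
FIXED_PATCH_LEVEL = date(2025, 12, 5)

# Constructed sample inventory: (device id, Android release, security patch level).
SAMPLE_INVENTORY = [
    ("dev-01", "14", "2025-12-05"),
    ("dev-02", "15", "2025-12-01"),
    ("dev-03", "13.0", "2025-11-05"),
    ("dev-04", "12", "2024-03-01"),
    ("dev-05", "16", ""),            # patch level missing from the export
    ("dev-06", "14", "2026-01-05"),
]


def classify(release, patch_level):
    """Return 'patched', 'needs-update', 'not-listed' or 'unknown'."""
    try:
        major = int(release.strip().split(".")[0])
    except ValueError:
        return "unknown"
    if major not in AFFECTED_RELEASES:
        # The article lists only 13-16 and says nothing about other releases.
        return "not-listed"
    try:
        level = date.fromisoformat(patch_level.strip())
    except ValueError:
        return "unknown"  # never treat an unreadable patch level as patched
    return "patched" if level >= FIXED_PATCH_LEVEL else "needs-update"


def triage(inventory):
    """Group device ids by status so the update queue is explicit."""
    report = {"patched": [], "needs-update": [], "not-listed": [], "unknown": []}
    for device_id, release, patch_level in inventory:
        report[classify(release, patch_level)].append(device_id)
    return report


if __name__ == "__main__":
    for status, devices in triage(SAMPLE_INVENTORY).items():
        print(f"{status:13s} {', '.join(devices) or '-'}")
```

Devices reported as `unknown` need a manual check rather than being assumed safe.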









