Google released the Android Security Bulletin for December 2025 on December 1 and updated it on December 4. The advisory covers more than 107 vulnerabilities affecting Android 13 through 16.
Security patch levels of 2025-12-05 or later address all of these issues; the 2025-12-01 level covers the Framework and System fixes, including the two zero-days below, while kernel and vendor-component fixes require 2025-12-05. Google says two high-severity flaws show indications of limited, targeted exploitation in the wild.
These zero-days, CVE-2025-48633 and CVE-2025-48572, reside in the Android Framework, the core platform layer that mediates interactions between apps and system services.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added both to its Known Exploited Vulnerabilities (KEV) catalog on December 2, giving federal agencies until December 23 to apply the patches.
CVE-2025-48633 is an information disclosure (ID) bug that needs no additional execution privileges: an attacker could read sensitive system data and use it for reconnaissance or to set up further exploits.
It affects Android 13, 14, 15 and 16 and is fixed through AOSP changes tracked as bug A-417988098. CVE-2025-48572 is an elevation of privilege (EoP) bug.
It lets a local attacker gain access beyond what the app sandbox permits and perform unauthorized actions such as data theft or control over other apps. It affects the same Android versions and is tracked as bug A-385736540.
Google has published no exploit details or attribution and has not said whether the two bugs are chained together. Similar Framework flaws have in the past been used in spyware and state-backed attacks against a small number of targets.
The most severe fix is for CVE-2025-48631, a critical denial-of-service (DoS) vulnerability in the Framework.
A remote attacker could use crafted input to crash a device without any privileges. As with all ratings in the bulletin, the severity assumes that platform and service mitigations are disabled or have been bypassed.
The kernel section patches four critical EoP flaws that need no additional execution privileges: CVE-2025-48623, CVE-2025-48637 and CVE-2025-48638 in pKVM (the protected KVM hypervisor that isolates guest VMs from the host kernel), and CVE-2025-48624 in the IOMMU, which enforces memory isolation for DMA-capable devices. The fixes come from upstream kernel commits.
Qualcomm closed-source components receive fixes for two critical vulnerabilities, CVE-2025-47319 and CVE-2025-47372.
The Framework section lists more than 30 high-severity EoP, ID and DoS issues; the System section has 14 EoP and ID issues.
Vendor components add dozens more: 17 high-severity MediaTek modem and IMS issues (in the range CVE-2025-20725 to CVE-2025-20792), 12 Unisoc modem issues, two Arm Mali highs, four Imagination PowerVR highs, and three Qualcomm kernel and bootloader highs.
| CVE | Type | Severity | Component | Key Fix Reference |
|---|---|---|---|---|
| CVE-2025-48633 | ID | High | Framework | A-417988098 |
| CVE-2025-48572 | EoP | High | Framework | A-385736540 |
| CVE-2025-48631 | DoS | Critical | Framework | A-444671303 |
| CVE-2025-48623 | EoP | Critical | Kernel (pKVM) | A-436580278 |
Check the installed patch level under Settings > About phone > Android version (the "Android security update" entry); a 2025-12-01 level means the Framework fixes are in place but the kernel and vendor fixes are not.
Install updates promptly; Google Play Protect also scans for apps that exploit known issues. Partners were notified of the issues before publication, and the separate Pixel bulletin adds device-specific fixes, including an RCE in a Dolby component.
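For fleet checks it is easier to read the patch level over adb than through the Settings UI. The following POSIX shell script is an added example, not code from Google's bulletin or from this article: `ro.build.version.security_patch` is the real system property that holds the YYYY-MM-DD level and `adb shell getprop` the real command that reads it, while the function names and the two threshold constants are this example's own. It distinguishes a device that only carries the 2025-12-01 (Framework/System) level from one at 2025-12-05 or later.

```shell
#!/bin/sh
# Added example: classify a device's Android security patch level against the
# December 2025 bulletin. Only ro.build.version.security_patch and getprop are
# real Android interfaces; everything else here is this example's own naming.

FRAMEWORK_LEVEL=2025-12-01   # Framework/System fixes, including the two zero-days
FULL_LEVEL=2025-12-05        # kernel and vendor-component fixes as well

# Accept only the YYYY-MM-DD shape the property is documented to use.
valid_level() {
    case "$1" in
        [0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9]) return 0 ;;
        *) return 1 ;;
    esac
}

# YYYY-MM-DD -> YYYYMMDD so the shell can compare levels numerically.
level_to_int() {
    y=${1%%-*}; rest=${1#*-}; m=${rest%%-*}; d=${rest#*-}
    printf '%s%s%s' "$y" "$m" "$d"
}

# Return 0 if level $1 is at or after level $2; 2 if either is malformed.
level_at_least() {
    valid_level "$1" && valid_level "$2" || return 2
    [ "$(level_to_int "$1")" -ge "$(level_to_int "$2")" ]
}

# Print one of: full | framework-only | unpatched | invalid.
# Exit status is 0 only for a fully patched device.
classify_level() {
    if ! valid_level "$1"; then
        echo invalid; return 2
    fi
    if level_at_least "$1" "$FULL_LEVEL"; then
        echo full; return 0
    fi
    if level_at_least "$1" "$FRAMEWORK_LEVEL"; then
        echo framework-only; return 1
    fi
    echo unpatched; return 1
}

# Read the level from an attached device (optionally by serial). Requires adb;
# the trailing CR that some adb versions emit is stripped.
device_patch_level() {
    adb ${1:+-s "$1"} shell getprop ro.build.version.security_patch | tr -d '\r'
}

# Usage: sh check_patch_level.sh 2025-12-01
#        sh check_patch_level.sh "$(device_patch_level)"   # live device
[ "$#" -eq 0 ] || classify_level "$1"
```

Because ISO dates sort the same way as integers once the dashes are removed, the comparison needs no date library; the shape check guards against an empty or unexpected property value being treated as a valid level.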