Google on Monday introduced a recent set of safety updates for the Android platform, to deal with two vulnerabilities within the System element.
The November 2025 Android fixes mark one other shift from the month-to-month updates the web large has been rolling out since 2015, as they arrive with a single safety patch degree, the 2025-11-01 patch degree.
For almost a decade, the replace was break up into two safety patch ranges, to make it simpler for distributors to deal with vulnerabilities particular to their units. The second safety patch degree of every month contained patches for all of the bugs described in that month’s safety bulletin.
July 2025 was the primary month in a decade when no fixes have been rolled out for Android customers, and the identical occurred in October. In August and September, nevertheless, Google resolved over 100 vulnerabilities, together with three exploited points.
The corporate makes no point out of both of the 2 flaws resolved this month being exploited within the wild, however warns that considered one of them could possibly be abused for distant code execution (RCE).
“Probably the most extreme of those points is a crucial safety vulnerability within the System element that would result in distant code execution with no further execution privileges wanted. Consumer interplay isn’t wanted for exploitation,” Google’s safety bulletin reads.
The safety defect is tracked as CVE-2025-48593 and is described as an inadequate validation of consumer enter difficulty that impacts Android variations 13, 14, 15, and 16.
The second Android vulnerability resolved this month is tracked as CVE-2025-48581 and impacts units working Android 16.Commercial. Scroll to proceed studying.
“In VerifyNoOverlapInSessions of apexd.cpp, there’s a attainable option to block safety updates by means of mainline installations attributable to a logic error within the code. This might result in native escalation of privilege with no further execution privileges wanted,” a NIST advisory reads.
There aren’t any safety points addressed in Google Play system updates and no safety patches within the November 2025 Automotive OS and Put on OS bulletins.
Gadgets working a safety patch degree of 2025-11-01 are patched in opposition to the vulnerabilities described above.
Associated: Pixnapping Assault Steals Knowledge From Google, Samsung Android Telephones
Associated: In Different Information: PQC Adoption, New Android Adware, FEMA Knowledge Breach
Associated: Samsung Patches Zero-Day Exploited Towards Android Customers
Associated: Lecturers Construct AI-Powered Android Vulnerability Discovery and Validation Software
