Dec 02, 2025 | Ravie Lakshmanan | Mobile Security / Vulnerability
Google on Monday released monthly security updates for the Android operating system, including fixes for two vulnerabilities that it said have been exploited in the wild.
The patch addresses a total of 107 security flaws spanning different components, including Framework, System, Kernel, as well as those from Arm, Imagination Technologies, MediaTek, Qualcomm, and Unisoc.
The two high-severity shortcomings that have been exploited are listed below:
CVE-2025-48633 – An information disclosure vulnerability in Framework
CVE-2025-48572 – An elevation of privilege vulnerability in Framework
As is customary, Google has not released any additional details about the nature of the attacks exploiting them, whether they have been chained together or used separately, and the scale of such efforts. It is not known who is behind the attacks.
However, the tech giant acknowledged in its advisory that there are indications they “may be under limited, targeted exploitation.”
Also fixed by Google as part of the December 2025 updates is a critical vulnerability in the Framework component (CVE-2025-48631) that could result in remote denial-of-service (DoS) with no additional execution privileges needed.
The security bulletin for December includes two patch levels, namely, 2025-12-01 and 2025-12-05, giving device manufacturers flexibility to address a portion of vulnerabilities that are similar across all Android devices more quickly. Users are recommended to update their devices to the latest patch level as soon as the patches are released.
The development comes three months after the company shipped fixes to remediate two actively exploited flaws in the Linux Kernel (CVE-2025-38352, CVSS score: 7.4) and Android Runtime (CVE-2025-48543, CVSS score: 7.4) that could lead to local privilege escalation.
