CISA has added two important Android Framework vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog, signaling active exploitation in the wild.
The vulnerabilities affect the Android OS and pose significant risks to hundreds of thousands of mobile devices worldwide.
CISA added the vulnerabilities to its KEV catalog on December 2, 2025, requiring federal agencies and critical infrastructure operators to apply patches by December 23, 2025.
The two vulnerabilities are CVE-2025-48572, an Android Framework privilege escalation flaw, and CVE-2025-48633, an information disclosure vulnerability in the same framework component.
Vulnerabilities Added to the Known Exploited List
CVE-2025-48572 is a privilege escalation vulnerability in the Android Framework that could allow threat actors to gain elevated permissions on compromised devices.
The vulnerability's unspecified nature suggests Google is still withholding technical details to prevent widespread exploitation before patches become available.
Once an attacker gains privilege escalation, they can install malware, access sensitive user data, or establish persistent backdoors on affected devices.
The second vulnerability, CVE-2025-48633, enables information disclosure attacks through the Android Framework.

| CVE ID | Vulnerability Type | Component | Status |
|---|---|---|---|
| CVE-2025-48572 | Privilege Escalation | Android Framework | Active Exploitation |
| CVE-2025-48633 | Information Disclosure | Android Framework | Active Exploitation |

This flaw could allow attackers to extract sensitive data from affected devices without requiring explicit user interaction.
When combined with privilege escalation vulnerabilities, information disclosure flaws create a powerful attack chain that can compromise device security entirely.
Neither vulnerability has been confirmed to be used in ransomware campaigns at this time. However, CISA's decision to add them to the KEV catalog indicates active exploitation.
Threat actors targeting Android devices often exploit multiple vulnerabilities to maximize attack success rates, making immediate patching essential for device owners and enterprise administrators.
CISA recommends organizations take immediate action by applying vendor-supplied mitigations as soon as patches become available.
Federal agencies must comply with the December 23 deadline per Binding Operational Directive BOD 22-01.
Organizations unable to apply patches should consider discontinuing use of affected products or implementing additional compensating security controls to reduce exposure.
Mobile device users should enable automatic security updates on their Android devices and check Google Play System Update settings for pending patches.
Enterprise administrators should prioritize deploying Android security updates across company-owned devices and communicate patch availability to users.
Additionally, organizations should monitor for indicators of compromise related to these vulnerabilities and implement network segmentation to limit lateral movement if compromise occurs.
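
One way an administrator could track the fleet against the KEV deadline is sketched below; this is an added example, not code from CISA or Google. The feed excerpt is constructed in the shape of CISA's KEV JSON feed using the dates in this article, and the device names and the fix patch level are assumptions (the patch level is a placeholder to be replaced from the vendor bulletin).

```python
import json
from datetime import date

# Constructed sample in the shape of CISA's KEV JSON feed; dates are those in the article.
KEV_SAMPLE = json.loads("""
{"vulnerabilities": [
  {"cveID": "CVE-2025-48572", "vendorProject": "Android", "product": "Framework",
   "dateAdded": "2025-12-02", "dueDate": "2025-12-23", "knownRansomwareCampaignUse": "Unknown"},
  {"cveID": "CVE-2025-48633", "vendorProject": "Android", "product": "Framework",
   "dateAdded": "2025-12-02", "dueDate": "2025-12-23", "knownRansomwareCampaignUse": "Unknown"}
]}
""")

# Placeholder, not from the article: replace with the patch level the vendor bulletin names.
ASSUMED_FIX_LEVEL = "2025-12-01"

# Constructed inventory; patch_level is what `getprop ro.build.version.security_patch` reports.
FLEET = [
    {"device": "pixel-001", "patch_level": "2025-12-05"},
    {"device": "tablet-014", "patch_level": "2025-11-05"},
    {"device": "kiosk-207", "patch_level": ""},  # management tool returned no value
]

def kev_deadline(feed, cve_ids):
    """Earliest KEV dueDate among the given CVEs; raises if one is absent from the feed."""
    due = {v["cveID"]: date.fromisoformat(v["dueDate"]) for v in feed["vulnerabilities"]}
    missing = sorted(set(cve_ids) - set(due))
    if missing:
        raise KeyError(f"not in KEV feed: {missing}")
    return min(due[c] for c in cve_ids)

def triage(fleet, fix_level, deadline, today):
    """Map each device to patched / unknown / exposed (days left) / overdue (days late)."""
    fix = date.fromisoformat(fix_level)
    report = {}
    for d in fleet:
        try:
            level = date.fromisoformat(d["patch_level"])
        except ValueError:
            report[d["device"]] = "unknown"  # treat as unpatched until verified
            continue
        if level >= fix:
            report[d["device"]] = "patched"
        elif today <= deadline:
            report[d["device"]] = f"exposed, {(deadline - today).days} days left"
        else:
            report[d["device"]] = f"overdue by {(today - deadline).days} days"
    return report
```

Devices reported as unknown deserve the same follow-up as exposed ones, since a missing patch level usually means the device has stopped checking in.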
The Android security landscape continues evolving as threat actors develop sophisticated attack chains targeting mobile platforms.
This latest CISA advisory underscores the importance of maintaining device security through regular patching, security monitoring, and prompt incident response capabilities.
Organizations should treat this advisory with high urgency and prioritize remediation efforts accordingly.
