
Google on Monday released its monthly security update for the Android operating system, which includes fixes for two vulnerabilities that have reportedly been exploited in the wild.
The patch addresses a total of 107 security flaws across a variety of components, including Framework, System, and Kernel, as well as components from Arm, Imagination Technologies, MediaTek, Qualcomm, and Unisoc.
The two high-severity flaws that have been exploited are listed below:
CVE-2025-48633 – Framework Information Disclosure Vulnerability
CVE-2025-48572 – Framework Privilege Elevation Vulnerability
As is customary, Google did not release additional details about the nature of the attacks, how the flaws were exploited, whether they were chained or used individually, or the scale of the activity. It is unclear who is behind the attacks.

However, the tech giant acknowledged in its advisory that there are signs that the flaws “may be subject to limited and targeted exploitation.”
As part of the December 2025 update, Google has also fixed a critical vulnerability in the Framework component (CVE-2025-48631) that could allow a remote denial of service (DoS) with no additional execution privileges required.
The December security bulletin includes two patch levels, 2025-12-01 and 2025-12-05, giving device manufacturers the flexibility to more quickly address a subset of vulnerabilities that are similar across all Android devices. Users are encouraged to update their devices to the latest patch level as soon as patches are released.
This development comes three months after the company shipped fixes for two actively exploited flaws in the Linux kernel (CVE-2025-38352, CVSS score: 7.4) and Android Runtime (CVE-2025-48543, CVSS score: 7.4) that could lead to local privilege escalation.
