Concise Cyber

Subscribe below for free to get these delivered straight to your inbox

Advertisements
Google Patches Two Actively Exploited Android Zero-Day Vulnerabilities (CVE-2025-48633, CVE-2025-48572)
Advertisements

Google has released its December 2025 Android Security Bulletin, addressing a series of vulnerabilities in the mobile operating system. Among the fixes are patches for two security flaws, identified as CVE-2025-48633 and CVE-2025-48572, which the company confirmed are being actively exploited in targeted attacks.

In the security bulletin, Google stated there are “indications that CVE-2025-48633 and CVE-2025-48572 may be under limited, targeted exploitation.” The company has not released specific details about the nature of these attacks or the threat actors involved. This practice is common to prevent wider exploitation of the vulnerabilities before users have had the opportunity to apply the security updates.

Details on the Exploited Vulnerabilities

The two vulnerabilities affect core components within the Android OS. CVE-2025-48633 is a flaw found within the Android Framework, while CVE-2025-48572 impacts a closed-source vendor component. The severity ratings for these vulnerabilities have been assessed, and due to the active exploitation, they are considered high-priority fixes.

Android partners were notified of these issues at least a month in advance of the public bulletin’s release to allow time for them to prepare and test patches for their respective devices. Access to the technical details of the flaws remains restricted.

December 2025 Security Update Rollout

The patches for these vulnerabilities are included in two security patch levels for December 2025. The 2025-12-01 patch level addresses some of the vulnerabilities, while the more comprehensive 2025-12-05 patch level addresses all issues disclosed in the December bulletin, including both CVE-2025-48633 and CVE-2025-48572.

Google has started rolling out these updates to its supported Pixel devices. Other Android device manufacturers will release the updates for their devices according to their own schedules. Users are advised to install the December 2025 security update as soon as it becomes available for their device to protect against these known threats.

Source: https://www.helpnetsecurity.com/2025/12/02/android-cve-2025-48633-cve-2025-48572/