{"id":8861,"date":"2025-12-02T10:04:04","date_gmt":"2025-12-02T10:04:04","guid":{"rendered":"https:\/\/serisec.com\/index.php\/2025\/12\/02\/google-patches-android-0-day-vulnerabilities-exploited-in-the-wild\/"},"modified":"2025-12-02T10:04:04","modified_gmt":"2025-12-02T10:04:04","slug":"google-patches-android-0-day-vulnerabilities-exploited-in-the-wild","status":"publish","type":"post","link":"https:\/\/serisec.com\/index.php\/2025\/12\/02\/google-patches-android-0-day-vulnerabilities-exploited-in-the-wild\/","title":{"rendered":"Google Patches Android 0-Day Vulnerabilities Exploited in the Wild"},"content":{"rendered":"<p>    Google Patches Android 0-Day Vulnerabilities Exploited in the Wild<br \/>\n \t<BR><br \/>\n<BR><\/BR><br \/>\n    <!-- no image --><br \/>\n \t<BR><br \/>\n<BR><\/BR><\/p>\n<div>\n<p>Google has released critical security updates to address multiple <a href=\"https:\/\/cybersecuritynews.com\/north-korean-kimsuky-and-lazarus-join-forces\/\" target=\"_blank\" rel=\"noreferrer noopener\">zero-day <\/a>vulnerabilities affecting Android devices worldwide.<\/p>\n<p>The December 2025 security bulletin reveals that threat actors are actively exploiting at least two of these vulnerabilities in <a href=\"https:\/\/cybersecuritynews.com\/mad-cat-meow-attack-tool\/\" target=\"_blank\" rel=\"noreferrer noopener\">real-world attacks<\/a>, prompting urgent action from the tech giant.<\/p>\n<h2 class=\"wp-block-heading\" id=\"h-critical-vulnerabilities-under-active-exploitation\"><strong>Critical Vulnerabilities Under Active Exploitation<\/strong><\/h2>\n<p>The two most concerning vulnerabilities being actively exploited are\u00a0CVE-2025-48633\u00a0and\u00a0CVE-2025-48572, both classified as information disclosure (ID) issues with high severity ratings.<\/p>\n<p>These vulnerabilities reside in Android\u2019s Framework component and require immediate attention from device manufacturers and users.<\/p>\n<p>CVE-2025-48633 poses a significant risk by allowing unauthorized disclosure of information on affected versions of Android 13, 14, 15, and 16.<\/p>\n<p>Similarly, CVE-2025-48572 is classified as a <a href=\"https:\/\/cybersecuritynews.com\/nvidia-nemo-framework-vulnerabilities\/\" target=\"_blank\" rel=\"noreferrer noopener\">privilege escalation<\/a> vulnerability that could enable attackers to gain elevated access on vulnerable devices.<\/p>\n<figure class=\"wp-block-table is-style-stripes\">\n<table class=\"has-fixed-layout\">\n<thead>\n<tr>\n<th>Aspect<\/th>\n<th>CVE-2025-48572<\/th>\n<th>CVE-2025-48633<\/th>\n<\/tr>\n<\/thead>\n<tbody>\n<tr>\n<td><strong>Vulnerability Type<\/strong><\/td>\n<td>Elevation of Privilege (EoP)<\/td>\n<td>Information Disclosure (ID)<\/td>\n<\/tr>\n<tr>\n<td><strong>Severity Rating<\/strong><\/td>\n<td>High<\/td>\n<td>High<\/td>\n<\/tr>\n<tr>\n<td><strong>Component<\/strong><\/td>\n<td>Android Framework<\/td>\n<td>Android Framework<\/td>\n<\/tr>\n<tr>\n<td><strong>Affected Versions<\/strong><\/td>\n<td>Android 13, 14, 15, 16<\/td>\n<td>Android 13, 14, 15, 16<\/td>\n<\/tr>\n<tr>\n<td><strong>Impact Description<\/strong><\/td>\n<td>Allows attacker to gain elevated system privileges without requiring additional permissions<\/td>\n<td>Enables unauthorized access to sensitive device information and data<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<\/figure>\n<h2 class=\"wp-block-heading\" id=\"h-most-severe-threat-remote-denial-of-service\"><strong>Most Severe Threat: Remote Denial of Service<\/strong><\/h2>\n<p>While CVE-2025-48633 and CVE-2025-48572 represent the most actively exploited threats, the security bulletin identifies an even more critical vulnerability.<\/p>\n<p>CVE-2025-48631\u00a0stands out as the most severe issue in this month\u2019s update, capable of causing remote <a href=\"https:\/\/cybersecuritynews.com\/next-js-servers-dos-vulnerability\/\" target=\"_blank\" rel=\"noreferrer noopener\">denial-of-service<\/a> attacks.<\/p>\n<p>What makes this vulnerability particularly dangerous is that attackers need no additional execution privileges to exploit it, meaning even unauthenticated attackers could trigger it.<\/p>\n<p>Google\u2019s security response is comprehensive, addressing over 30 vulnerabilities across multiple Android components.<\/p>\n<p>Security patch levels resolve these issues, with source code patches to be released to the Android <a href=\"https:\/\/cybersecuritynews.com\/threat-actors-exploiting-vulnerabilities-in-open-source-ecosystem\/\" target=\"_blank\" rel=\"noreferrer noopener\">Open-Source<\/a> Project within 48 hours of the bulletin\u2019s publication.<\/p>\n<p>The Framework component dominates this month\u2019s updates, with vulnerabilities including privilege escalation flaws (CVE-2025-22420, CVE-2025-48525).<\/p>\n<p>Denial-of-service issues and information disclosure vulnerabilities affecting Android versions 13 through 16. Google emphasizes that users can significantly reduce their risk through immediate action.<\/p>\n<p>The company has implemented multiple layers of protection through the <a href=\"https:\/\/source.android.com\/docs\/security\/bulletin\/2025-12-01\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">Android security<\/a> platform and Google Play Protect, which are enabled by default on devices with Google Mobile Services.<\/p>\n<p>Security experts advise users to install available updates immediately, particularly those using Android 13, 14, 15, or 16.<\/p>\n<p>Device manufacturers received advance notification at least one month before the public bulletin release, allowing them time to prepare <a href=\"https:\/\/cybersecuritynews.com\/chrome-security-updates\/\" target=\"_blank\" rel=\"noreferrer noopener\">patches<\/a> for their specific devices.<\/p>\n<p>Android device owners should prioritize checking for available security updates in their device settings. Users can verify their current security patch level through their device\u2019s About Phone section.<\/p>\n<p>Immediate installation of patches addressing the December 5, 2025, security level is strongly recommended, especially for devices that active exploits may target.<\/p>\n<p>Additionally, users should ensure Google Play Protect remains enabled and consider limiting app installation to the official Google Play Store, as the system actively monitors for potentially harmful applications that might exploit these vulnerabilities.<\/p>\n<p>The post <a href=\"https:\/\/cybersecuritynews.com\/android-0-day-vulnerabilities-patch\/\">Google Patches Android 0-Day Vulnerabilities Exploited in the Wild<\/a> appeared first on <a href=\"https:\/\/cybersecuritynews.com\/\">Cyber Security News<\/a>.<\/p>\n<\/div>\n<p> \t<BR><br \/>\n <BR><\/BR><br \/>\n    Abinaya<br \/>\n \t<BR><br \/>\n<BR><\/BR><br \/>\n<a href=\"https:\/\/cybersecuritynews.com\/android-0-day-vulnerabilities-patch\/\">Go to cyber-security-news<\/a><br \/>\n \t<BR><br \/>\n <BR><\/BR><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Google Patches Android 0-Day Vulnerabilities Exploited in the Wild Google has released critical security updates to address multiple zero-day vulnerabilities affecting Android devices worldwide. The December 2025 security bulletin reveals that threat actors are actively exploiting at least two of these vulnerabilities in real-world attacks, prompting urgent action from the tech giant. Critical Vulnerabilities Under [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[509,129,63,2111,416],"tags":[130],"class_list":["post-8861","post","type-post","status-publish","format-standard","hentry","category-android","category-cyber-security","category-cyber-security-news","category-patch-updates","category-vulnerabilities","tag-cyber-security-news"],"_links":{"self":[{"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/posts\/8861"}],"collection":[{"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/comments?post=8861"}],"version-history":[{"count":0,"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/posts\/8861\/revisions"}],"wp:attachment":[{"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/media?parent=8861"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/categories?post=8861"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/tags?post=8861"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}