Google Releases Urgent Security Updates to Address Actively Exploited Android Zero-Day Vulnerabilities
Google has issued critical security updates to rectify multiple zero-day vulnerabilities affecting Android devices globally. The December 2025 security bulletin highlights that threat actors are actively exploiting at least two of these vulnerabilities in real-world attacks, necessitating immediate action from both device manufacturers and users.
Critical Vulnerabilities Under Active Exploitation
The two most pressing vulnerabilities currently being exploited are CVE-2025-48633 and CVE-2025-48572, both classified as high-severity issues within Android’s Framework component.
– CVE-2025-48633: This information disclosure vulnerability allows unauthorized access to sensitive information on devices running Android versions 13 through 16.
– CVE-2025-48572: This elevation of privilege vulnerability enables attackers to gain elevated system privileges without requiring additional permissions, affecting the same Android versions.
The table below summarizes these vulnerabilities:
| Aspect | CVE-2025-48572 | CVE-2025-48633 |
|---|---|---|
| Vulnerability Type | Elevation of Privilege (EoP) | Information Disclosure (ID) |
| Severity Rating | High | High |
| Component | Android Framework | Android Framework |
| Affected Versions | Android 13, 14, 15, 16 | Android 13, 14, 15, 16 |
| Impact Description | Allows attacker to gain elevated system privileges without requiring additional permissions | Enables unauthorized access to sensitive device information and data |
Most Severe Threat: Remote Denial of Service
Beyond the actively exploited vulnerabilities, the bulletin identifies CVE-2025-48631 as the most severe issue this month. This vulnerability can cause remote denial-of-service attacks without requiring additional execution privileges, making it particularly dangerous as even unauthenticated attackers could exploit it.
Comprehensive Security Measures
Google’s security response addresses over 30 vulnerabilities across multiple Android components. The Framework component is notably affected, with issues including privilege escalation flaws (CVE-2025-22420, CVE-2025-48525), denial-of-service issues, and information disclosure vulnerabilities impacting Android versions 13 through 16.
To mitigate these risks, Google has implemented multiple layers of protection through the Android security platform and Google Play Protect, both enabled by default on devices with Google Mobile Services.
Recommendations for Users
Security experts strongly advise users to install available updates immediately, especially those using Android 13, 14, 15, or 16. Device manufacturers received advance notification at least one month before the public bulletin release, allowing them time to prepare patches for their specific devices.
Android device owners should prioritize checking for available security updates in their device settings. Users can verify their current security patch level through their device’s About Phone section. Immediate installation of patches addressing the December 5, 2025, security level is strongly recommended, particularly for devices that may be targeted by active exploits.
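For anyone checking more than a handful of devices, the About Phone screen does not scale. The script below is an added example (not part of Google's bulletin or this article) that compares a device's reported patch level against the December 5, 2025 level named above. It assumes the device exposes its patch level through the standard Android system property `ro.build.version.security_patch` (a `YYYY-MM-DD` string readable with `adb shell getprop`), and the fleet input format (`serial patch_level` per line) is a constructed convention for the example.

```shell
#!/bin/sh
# Added example: classify Android devices by security patch level.
# Assumption: the device reports its level in ro.build.version.security_patch
# as YYYY-MM-DD, which is the format Android uses for this property.

# Patch level the December 2025 bulletin says fixes the exploited CVEs.
REQUIRED_PATCH_LEVEL="2025-12-05"

# patch_level_ok LEVEL [REQUIRED]
# Exit status: 0 = LEVEL is on or after REQUIRED, 1 = LEVEL is older,
# 2 = LEVEL is not a well-formed YYYY-MM-DD string.
patch_level_ok() {
  level="$1"
  required="${2:-$REQUIRED_PATCH_LEVEL}"
  case "$level" in
    [0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9]) ;;
    *) return 2 ;;
  esac
  # Drop the dashes so the dates compare as plain integers (20251205 etc.),
  # which is portable across POSIX shells.
  lvl=$(printf '%s' "$level" | tr -d '-')
  req=$(printf '%s' "$required" | tr -d '-')
  if [ "$lvl" -lt "$req" ]; then
    return 1
  fi
  return 0
}

# classify_fleet reads "serial patch_level" lines on stdin and prints
# "serial STATUS" where STATUS is OK, OUTDATED or UNKNOWN.
classify_fleet() {
  while read -r serial level; do
    [ -n "$serial" ] || continue
    status="OK"
    patch_level_ok "$level" || case $? in
      1) status="OUTDATED" ;;
      *) status="UNKNOWN" ;;
    esac
    printf '%s %s\n' "$serial" "$status"
  done
}

# check_connected_device queries a USB/network-attached device with adb and
# prints its status; it is only usable where adb and a device are present.
check_connected_device() {
  command -v adb >/dev/null 2>&1 || { echo "adb not found" >&2; return 2; }
  serial=$(adb get-serialno 2>/dev/null)
  level=$(adb shell getprop ro.build.version.security_patch | tr -d '\r')
  printf '%s %s\n' "$serial" "$level" | classify_fleet
}

# Usage with a constructed inventory (serial numbers are made up):
#   printf 'ABC123 2025-12-05\nDEF456 2025-10-05\n' | classify_fleet
# Usage against an attached device:
#   check_connected_device
```

Devices reported as OUTDATED are still exposed to the two actively exploited Framework flaws and should be updated first; UNKNOWN usually means a custom or debug build that does not populate the property, which deserves a manual look rather than being assumed safe.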
Additionally, users should ensure Google Play Protect remains enabled and consider limiting app installation to the official Google Play Store, as the system actively monitors for potentially harmful applications that might exploit these vulnerabilities.