Vulnerabilities in Android Framework Cataloged by U.S. CISA as Known Exploited

  • Dec 2, 2025

Key Findings


  • The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added two Android Framework vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog:

      • CVE-2025-48572: Android Framework Privilege Escalation Vulnerability

      • CVE-2025-48633: Android Framework Information Disclosure Vulnerability


Background


  • Google's December 2025 Android Security Bulletin rates both vulnerabilities as High severity and states that there are indications they may be "under limited, targeted exploitation" in the wild.

  • The same December 2025 bulletin covers 107 vulnerabilities in total, including the two exploited Framework flaws.

  • Binding Operational Directive (BOD) 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate vulnerabilities listed in the KEV catalog by the due date CISA assigns to each entry.

  • For these two entries, CISA set a remediation due date of December 23, 2025.


Vulnerability Details


CVE-2025-48572 - Android Framework Privilege Escalation Vulnerability


  • Google's December 2025 bulletin classifies this as an elevation-of-privilege (EoP) issue in the Framework component, rated High. It could allow an attacker to escalate privileges on an affected Android device. Framework EoP bugs of this class are typically reached from code already running on the device, such as a malicious app, so the usual concern is a second stage after an initial foothold rather than a remote entry point.

  • The flaw was reported to be under limited, targeted exploitation in the wild before the patch was released.


CVE-2025-48633 - Android Framework Information Disclosure Vulnerability


  • Google's December 2025 bulletin classifies this as an information-disclosure (ID) issue in the Framework component, also rated High. It could let an attacker read sensitive data from an affected device. Information leaks are frequently chained with privilege-escalation bugs to make an exploit reliable, although no public detail links these two specific flaws.

  • Like the privilege escalation flaw, this issue was being exploited in targeted attacks before the fix was made available.


Recommendations


  • Google has released security updates that address these vulnerabilities; users should update their devices to the December 2025 security patch level or later as soon as possible. On stock Android the current level is shown under Settings (About phone > Android version > Android security update); from a workstation it can be read with `adb shell getprop ro.build.version.security_patch`. OEMs and carriers ship the monthly patch on their own schedules, so an update may not yet be available for every device.

  • Organizations outside the federal government are also encouraged to use the KEV catalog as a prioritization input and to remediate these Android vulnerabilities across their managed device fleets.

  • Federal agencies must comply with CISA's directive and fix the flaws by the December 23, 2025 deadline to protect their networks.
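As a practical check on the recommendations above, here is an added example (not code from the original post, CISA, or Google) that pulls the two CVEs out of a KEV-shaped feed, takes the earliest BOD 22-01 due date, and flags every device whose security patch level is older than the level carrying the fix. The feed excerpt and the device inventory are constructed; the required patch level of 2025-12-01 is an assumption to confirm against Google's bulletin; the KEV URL and field names are those of CISA's public JSON feed.

```python
"""Check a managed Android fleet against the CISA KEV entries for the two
December 2025 Android Framework flaws.

Added example; not code from the original post or from CISA/Google.
Labelled assumptions:
- KEV_FEED_URL and the field names (cveID, dueDate, ...) follow CISA's public
  KEV JSON feed; SAMPLE_KEV_JSON below is a constructed excerpt, not the feed.
- SAMPLE_DEVICES is a constructed inventory; in practice the patch level comes
  from `adb shell getprop ro.build.version.security_patch` or from an MDM.
- REQUIRED_PATCH_LEVEL assumes the Framework fixes are in the 2025-12-01
  security patch level; confirm against Google's December 2025 bulletin.
"""
from __future__ import annotations

import json
from datetime import date

KEV_FEED_URL = "https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json"
WATCHED_CVES = {"CVE-2025-48572", "CVE-2025-48633"}
REQUIRED_PATCH_LEVEL = "2025-12-01"  # assumption; see module docstring

# Constructed excerpt in the shape of the KEV feed. The Android entries use the
# due date given in the post; the Log4j entry is there only to show filtering.
SAMPLE_KEV_JSON = json.dumps({
    "title": "CISA Catalog of Known Exploited Vulnerabilities",
    "count": 3,
    "vulnerabilities": [
        {"cveID": "CVE-2025-48572", "vendorProject": "Android", "product": "Framework",
         "vulnerabilityName": "Android Framework Privilege Escalation Vulnerability",
         "dateAdded": "2025-12-02", "dueDate": "2025-12-23",
         "requiredAction": "Apply mitigations per vendor instructions.",
         "knownRansomwareCampaignUse": "Unknown"},
        {"cveID": "CVE-2025-48633", "vendorProject": "Android", "product": "Framework",
         "vulnerabilityName": "Android Framework Information Disclosure Vulnerability",
         "dateAdded": "2025-12-02", "dueDate": "2025-12-23",
         "requiredAction": "Apply mitigations per vendor instructions.",
         "knownRansomwareCampaignUse": "Unknown"},
        {"cveID": "CVE-2021-44228", "vendorProject": "Apache", "product": "Log4j2",
         "vulnerabilityName": "Apache Log4j2 Remote Code Execution Vulnerability",
         "dateAdded": "2021-12-10", "dueDate": "2021-12-24",
         "requiredAction": "Apply updates per vendor instructions.",
         "knownRansomwareCampaignUse": "Known"},
    ],
})

# Constructed inventory: serial plus the ro.build.version.security_patch value.
SAMPLE_DEVICES = [
    {"serial": "pixel-a", "security_patch": "2025-12-05"},
    {"serial": "pixel-b", "security_patch": "2025-11-01"},
    {"serial": "galaxy-c", "security_patch": "2025-12-01"},
    {"serial": "tablet-d", "security_patch": "unknown"},  # getprop returned junk
]


def parse_patch_level(value: str) -> date:
    """Parse an Android security patch level (YYYY-MM-DD); raises ValueError on junk."""
    return date.fromisoformat(value.strip())


def device_needs_update(patch_level: str, required: str = REQUIRED_PATCH_LEVEL) -> bool:
    """True if the device's patch level is older than the required one.

    A missing or unparsable value is treated as non-compliant: an unknown
    patch level must never silently count as patched.
    """
    try:
        return parse_patch_level(patch_level) < parse_patch_level(required)
    except ValueError:
        return True


def watched_kev_entries(feed: dict, cve_ids: set[str]) -> dict[str, dict]:
    """Return the KEV entries (keyed by CVE ID) that are on the watch list."""
    return {v["cveID"]: v for v in feed.get("vulnerabilities", []) if v.get("cveID") in cve_ids}


def earliest_due_date(entries: dict[str, dict]) -> date | None:
    """Earliest BOD 22-01 due date across the matched entries, if any."""
    dues = [date.fromisoformat(v["dueDate"]) for v in entries.values() if v.get("dueDate")]
    return min(dues) if dues else None


def triage(feed_json: str, devices: list[dict], today: date) -> dict:
    """Combine the KEV feed and the inventory into one remediation summary."""
    entries = watched_kev_entries(json.loads(feed_json), WATCHED_CVES)
    due = earliest_due_date(entries)
    noncompliant = [d["serial"] for d in devices if device_needs_update(d["security_patch"])]
    return {
        "tracked_cves": sorted(entries),
        "due_date": due.isoformat() if due else None,
        "overdue": due is not None and today > due,
        "noncompliant_devices": noncompliant,
    }


if __name__ == "__main__":
    # With the live feed you would fetch KEV_FEED_URL instead of the sample.
    print(json.dumps(triage(SAMPLE_KEV_JSON, SAMPLE_DEVICES, date.today()), indent=2))
```

Run it as-is to see the summary for the sample data; in production, replace SAMPLE_KEV_JSON with the downloaded feed and populate the inventory from your MDM or from adb. A device whose patch level cannot be read is deliberately reported as non-compliant rather than skipped, and the comparison is done on parsed dates rather than raw strings so a malformed value cannot sort as "newer".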


Sources


  • https://securityaffairs.com/185252/security/u-s-cisa-adds-android-framework-flaws-to-its-known-exploited-vulnerabilities-catalog.html

  • https://thehackernews.com/2025/12/google-patches-107-android-flaws.html

  • https://securityonline.info/android-emergency-critical-dos-flaw-and-2-exploited-zero-days-in-framework-require-immediate-patch/

  • https://x.com/shah_sheikh/status/1995971875659235615

  • https://windowsforum.com/threads/cisa-kev-spotlight-android-framework-cve-2025-48633-patch-urgency.391877/post-947917

  • https://thecyberexpress.com/cisa-warns-android-vulnerabilities-attacked/

© 2025 by Explain IT Again. Powered and secured by Wix
