AI description
CVE-2025-48572 is a high-severity elevation-of-privilege (EoP) vulnerability affecting Android versions 13 through 16. It exists within the Android Framework component. Google's security team has indicated that this vulnerability is under limited, targeted exploitation in the wild. Successful exploitation of CVE-2025-48572 could allow attackers to gain administrative control over affected devices. Google has released security patches as part of the December 2025 Android Security Bulletin to address this and other vulnerabilities. Users are advised to update their devices to the latest patch level as soon as the updates are available.
- Description
- In multiple locations, there is a possible way to launch activities from the background due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
- Source
- security@android.com
- NVD status
- Analyzed
- Products
- android
CVSS 3.1
- Type
- Secondary
- Base score
- 7.8
- Impact score
- 5.9
- Exploitability score
- 1.8
- Vector string
- CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
- Severity
- HIGH
- 134c704f-9b21-4f2e-91b3-4a467353bcc0
- CWE-306
- Hype score
- Not currently trending
NCERT has issued an advisory about Zero-day attack exploitation on Android devices. These vulnerabilities are majorly deployed to tie surveillance and spyware operations. Includes following: CVE-2025-48633 CVE-2025-48572 CVE-2025-48631 Update ur phones to latest security patch.
@notsocoolusman
23 Jan 2026
37 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
CVE-2025-48572: Android Framework Zero-Day Enables Privilege Escalation Attacks https://t.co/8yHE7WyKZr
@WeAreCyberP1
16 Dec 2025
2 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Breaking: New zero-day flaws in Android Framework (CVE-2025-48572 & CVE-2025-48633) are already exploited in the wild millions of devices exposed. Users urged to update immediately. #CyberSecurity #ZeroDay #Android https://t.co/fGFmxkSxnt
@zaxenite
10 Dec 2025
1 Impression
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-48572 In multiple locations, there is a possible way to launch activities from the background due to a permissions bypass. This could lead to local escalation of privilege … https://t.co/pvoeyCMETW
@CVEnew
8 Dec 2025
127 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Android'te iki kritik güvenlik açığı keşfedildi. 📌İlk açık (CVE-2025-48572), saldırganlara cihazda normalde sahip olamayacakları yetkileri veriyor. Yani telefonunuzu ele geçirebilecekleri bir kapı aralanıyor. Bu açık, sistem seviyesinde kontrol sağlayabiliyor
@webtekno
8 Dec 2025
46842 Impressions
13 Retweets
203 Likes
143 Bookmarks
4 Replies
2 Quotes
Android’de Kritik Güvenlik Açıkları! Google, Aralık 2025 güvenlik bülteninde CVE-2025-48572 ve CVE-2025-48633 kodlu iki ciddi zafiyeti duyurdu. Bu açıklar, yetki yükseltme ve bilgi sızdırma zafiyetlerini içeriyor — ve aktif olarak istismar ediliyor! https://t.co/
@KamCyberTR
8 Dec 2025
35 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
تحذير عاجل لمستخدمي #أندرويد! اكتشف خبراء غوغل 107 ثغرات خطيرة تؤثر على جميع الإصدارات من أندرويد-13 وحتى أندرويد-16. أبرزها: CVE-2025-48633 وCVE-2025-48572 المصنفتان كخط
@EanLibya
7 Dec 2025
299 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
What they do: CVE-2025-48633 leaks sensitive info (like your files or location data). CVE-2025-48572 lets bad apps escalate to system-level access. Chained together? Full phone takeover without you noticing.
@SecureTalks
6 Dec 2025
54 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Android alert: Google just patched TWO zero-day flaws being exploited RIGHT NOW in targeted attacks. CVE-2025-48633 (info leak) + CVE-2025-48572 (privilege escalation). They hit Android 13-16 could let hackers steal data or take full control. If you're on an older phone
@SecureTalks
6 Dec 2025
63 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Google's Dec Android update fixes 107 security flaws—including 2 zero-days (CVE-2025-48633, CVE-2025-48572) being actively exploited. Also patched: critical kernel, chipset vulnerabilities. Details via @cyberscoopnews
@K3rruption
5 Dec 2025
0 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Google's December Android update just patched two zero-day exploits that might've been hitting devices. As devs, updates are key, but it's wild how fast threats evolve. If you're on Android 13-16, update ASAP. → CVE-2025-48633 (info disclosure) & CVE-2025-48572. https://t.c
@AbdurRehman0601
5 Dec 2025
51 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Androidで重大な脆弱性と2件のゼロデイ- 12月セキュリティパッチで緊急修正(CVE-2025-48631,CVE-2025-48633,CVE-2025-48572) https://t.co/CjVBuo8h97 #セキュリティ対策Lab #セキュリティ #Security
@securityLab_jp
4 Dec 2025
6 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
⚠️ Vulnerabilidades en productos Android ❗ CVE-2025-48631 ❗ CVE-2025-48572 ❗ CVE-2025-48533 ➡️ Más info: https://t.co/FgS6JLtQmr https://t.co/t7uPFASFFb
@CERTpy
3 Dec 2025
31 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Google Patches Actively Exploited Android Security Flaws https://t.co/cbK5rupwyr #cve-2025-48572 #cve-2025-48633
@wizconsults
3 Dec 2025
34 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨Upozorňujeme na aktivně zneužívané zranitelnosti v Android Framework, CVE-2025-48633 a CVE-2025-48572. Zranitelnost CVE-2025-48633 umožňuje útočníkovi získat citlivá data z prostředí systému. CVE-2025-48572 umožňuje získání vyšších oprávnění v systé
@GOVCERT_CZ
3 Dec 2025
766 Impressions
2 Retweets
5 Likes
1 Bookmark
0 Replies
0 Quotes
🛡️ @Google December Android update fixes 107 vulnerabilities, including 2 Framework bugs already exploited in the wild. • CVE-2025-48633 – info disclosure • CVE-2025-48572 – privilege escalation • + a critical DoS flaw: CVE-2025-48631 Have you updated your devices
@TechNadu
3 Dec 2025
82 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added two high-severity Android vulnerabilities—CVE-2025-48572 (a privilege escalation flaw) and CVE-2025-48633 (an information disclosure issue)—to its Known Exploited Vulnerabilities (KEV) catalog, shortly
@MatrixBlank
3 Dec 2025
78 Impressions
1 Retweet
0 Likes
1 Bookmark
0 Replies
0 Quotes
🚨 Google’s Android December 2025 security update fixes 107 flaws, including 2 Framework zero-days (CVE-2025-48572 & CVE-2025-48633) already exploited in the wild + added to CISA KEV. Breakdown, impact & patch guidance 👇 https://t.co/NjswM5N5v9 #Android #CyberSecur
@vulert_official
3 Dec 2025
1 Impression
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Uyarı: CVE-2025-48633 ve CVE-2025-48572 hâlihazırda aktif olarak istismar ediliyor — Google işaret etmişti, şimdi ABD siber ajansı da doğruladı. Sistemlerinizi yamaladınız mı? #PatchYourSystems https://t.co/wYzxQpeHFI
@Siber_Kalkan_
3 Dec 2025
52 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Active exploits confirmed: CISA verifies active exploitation of CVE-2025-48633 and CVE-2025-48572 — patch now, monitor logs, and tighten access controls. Are your systems covered? #Explotación_Activa_CVE2025_48633_48572 https://t.co/zWOTtYJDab
@CyberDailyPost
3 Dec 2025
56 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Подтверждено: активная эксплуатация уязвимостей CVE-2025-48633 и CVE-2025-48572 — Google отмечал «признаки», теперь это подтвердило американское киберведомство. Как р
@cybereye_ru
3 Dec 2025
51 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
تحذير: استغلال نشط لثغرتَي CVE-2025-48633 وCVE-2025-48572 مؤكَّد — جوجل رصدت إشارات والوكالة الأمريكية للأمن السيبراني أكدتها. هل طبقت التصحيحات وتحققت من سجلاتك؟ #Patc
@Cybereayn
3 Dec 2025
57 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
ئاگاداریەکی گرنگ: CVE-2025-48633 و CVE-2025-48572 بە شێوەی چالاک هێرش دەکرێن. گووگڵ نیشانەکان ڕاگەیاند و ئێستا ئەژانسەی سایبەری ئەمریکا پشتڕاستیان کرد. تۆ چی دەکەیت؟ #
@CaveSiberKurdi
3 Dec 2025
46 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
米国CISAが悪用を確認した脆弱性 #KEV をカタログに追加しました。(12/2追加) 🛡️No.1467 CVE-2025-48572 Android Framework Privilege Escalation Vulnerability ============= 種別:特権昇格(Android Security Team) 深刻度:重要 🛡️N
@piyokango
3 Dec 2025
4271 Impressions
2 Retweets
10 Likes
1 Bookmark
0 Replies
0 Quotes
CISA has added two vulnerabilities to the KEV Catalog: CVE-2025-48633: Android Framework Information Disclosure Vulnerability CVE-2025-48572: Android Framework Privilege Escalation Vulnerability https://t.co/9idGUAHIKd
@DarkWebInformer
2 Dec 2025
3378 Impressions
3 Retweets
20 Likes
3 Bookmarks
1 Reply
1 Quote
Google patched 107 Android vulnerabilities this month, including two actively exploited zero-days (CVE-2025-48633 & CVE-2025-48572) enabling privilege escalation and data access. #AndroidSecurity #ZeroDay #UnitedStates https://t.co/bbz3Dh8NHm
@TweetThreatNews
2 Dec 2025
161 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🛡️ We added Android framework vulnerabilities CVE-2025-48572 & CVE-2025-48633 to our Known Exploited Vulnerabilities Catalog. Visit https://t.co/myxOwap1Tf & apply mitigations to protect your org from cyberattacks. #Cybersecurity #InfoSec https://t.co/shAU5gIzHa
@CISACyber
2 Dec 2025
5974 Impressions
17 Retweets
44 Likes
0 Bookmarks
4 Replies
0 Quotes
Google patched 107 Android security flaws, including 2 (CVE-2025-48633 and CVE-2025-48572) critical ones confirmed to be actively exploited in the wild. Users are recommended to update their devices to the latest patch level as soon as the patches are released. https://t.co/isnK
@pixeluibygoogle
2 Dec 2025
4008 Impressions
8 Retweets
127 Likes
8 Bookmarks
1 Reply
1 Quote
گوگل ۲ آسیب پذیری با کدهای شناسایی CVE-2025-48633 از نوع افشای اطلاعات و CVE-2025-48572 از نوع privilege escalation را پچ نمود.سیستم عامل های اندروید نسخه های ۱۳ تا ۱۶ دارای این
@EthicalSafe
2 Dec 2025
44 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Google fixes Android vulnerabilities “under targeted exploitation” (CVE-2025-48633, CVE-2025-48572) https://t.co/gOt5gR03x6 #HelpNetSecurity #Cybersecurity https://t.co/V0w6XPXkov
@PoseidonTPA
2 Dec 2025
46 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Your Android is vulnerable right now. Google just confirmed two active zero-day exploits are being used in "targeted attacks" against users. CVE-2025-48633 (steals your info). CVE-2025-48572 (gives hackers control). 107 total flaws patched in the December update. If you're h
@AIRevSpot
2 Dec 2025
101 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Security updates for Android have addressed 107 security flaws, including 2 High severity CVE's. CVE-2025-48572, a privilege escalation vulnerability, and CVE-2025-48633, an information disclosure vulnerability. Both of these vulnerabilities have had limited exploitation in the
@Rastguyan_
2 Dec 2025
44 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
#Google fixes #Android vulnerabilities “under targeted exploitation” (CVE-2025-48633, CVE-2025-48572) https://t.co/hXfeVVhyFY https://t.co/uh2abVzJCD
@evanderburg
2 Dec 2025
77 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Urgent sécurité Android: deux zero-days (CVE-2025-48633, CVE-2025-48572) exploités touchent Android 13–16. MAJ 2025-12-01/12-05 corrige 107 failles. Vous avez mis à jour ? #MiseAJourAndroid https://t.co/J1mEXkizqA
@CyberSentinelle
2 Dec 2025
47 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Vulnerability Alert — Android December 2025 Google patched 107 Android flaws, including two Framework vulnerabilities (CVE-2025-48633, CVE-2025-48572) exploited in the wild and a critical DoS issue (CVE-2025-48631). Google notes signs of limited, targeted exploitation. https:/
@CloneSystemsInc
2 Dec 2025
69 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
The zero-days, identified as CVE-2025-48633 and CVE-2025-48572, affect the platform’s Framework component and could be exploited for information disclosure or privilege escalation. Users are urged to update immediately. #cybersecurity https://t.co/ovMmsq67EX
@GuardingPearSof
2 Dec 2025
82 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Android Security Bulletin - December 2025 https://t.co/qNgpMJTWFx 7 crits, CVE-2025-48633 & CVE-2025-48572 exploited ITW
@xvonfers
2 Dec 2025
3860 Impressions
3 Retweets
31 Likes
18 Bookmarks
0 Replies
0 Quotes
🔐 تحديث أمان جديد من #Google يعالج 107 ثغرة في Android، بينها ثغرتان صفرية تم استغلالها فعلًا ⚠️ 🛡️ أخطرها: • CVE-2025-48633 → تسريب معلومات • CVE-2025-48572 → رفع صلاحيات
@Infoandtech3
2 Dec 2025
70 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
⚠️ Google just fixed 107 security flaws in Android — including two that hackers already used in real attacks. The exploited bugs (CVE-2025-48633 & CVE-2025-48572) affect the Android Framework and could expose data or give attackers higher access. Read: https://t.co/n8
@TheHackersNews
2 Dec 2025
15009 Impressions
69 Retweets
178 Likes
27 Bookmarks
0 Replies
1 Quote
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "879FFD0C-9B38-4CAA-B057-1086D794D469"
},
{
"criteria": "cpe:2.3:o:google:android:14.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "2700BCC5-634D-4EC6-AB67-5B678D5F951D"
},
{
"criteria": "cpe:2.3:o:google:android:15.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "8538774C-906D-4B03-A3E7-FA7A55E0DA9E"
},
{
"criteria": "cpe:2.3:o:google:android:16.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "2D49E611-5D53-479D-A981-42388FDC0E8D"
}
],
"operator": "OR"
}
]
}
]