CVE-2025-48595
Published Jun 1, 2026
Last updated 11 days ago
AI description
CVE-2025-48595 is an elevation of privilege vulnerability affecting the Android platform. This flaw allows an attacker to gain elevated access without requiring any additional execution privileges or user interaction for successful exploitation. Google has noted that there are indications of limited, targeted exploitation of CVE-2025-48595, making the June 2026 security patch, which addresses this vulnerability, particularly important.
- Description
- In multiple locations, there is a possible way to achieve code execution due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
- Source
- security@android.com
- NVD status
- Analyzed
- Products
- android
CVSS 3.1
- Type
- Secondary
- Base score
- 8.4
- Impact score
- 5.9
- Exploitability score
- 2.5
- Vector string
- CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity
- HIGH
Data from CISA
- Vulnerability name
- Android Framework Integer Overflow Vulnerability
- Exploit added on
- Jun 2, 2026
- Exploit action due
- Jun 5, 2026
- Required action
- Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- 134c704f-9b21-4f2e-91b3-4a467353bcc0
- CWE-190
- Hype score
- Not currently trending
CISA warns of active exploits targeting #Android and #Linux flaws (CVE-2025-48595 & CVE-2022-0492). The Android bug allows privilege escalation with zero user interaction! ⚠️ Visit @CISAcyber for more
@DC3DCISE
11 Jun 2026
223 Impressions
2 Retweets
5 Likes
0 Bookmarks
1 Reply
0 Quotes
Google’s June Android bulletin fixed CVE-2025-48595, which may be under limited targeted exploitation. Push updates through MDM. https://t.co/H7pGGosrdk
@InfosecDotWatch
10 Jun 2026
18 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
#Android Update Patches Exploited Zero-Day, 123 Other Vulnerabilities. #Google says the Android vulnerability CVE-2025-48595 has been exploited in limited, targeted attacks. - https://t.co/ppz3y41nVq @SecurityWeek
@upgradeoptions
10 Jun 2026
36 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Top #CVE to prioritize 👀 - @Android Framework #privesc (CVE-2025-48595) - @SolarWinds Serv-U (CVE-2026-28318) - @Cisco Catalyst SD-WAN Manager (CVE-2026-20245) - @Cisco Unified Communications Manager (CVE-2026-20230) - @Acer Wave 7 routers (CVE-2026-49200/49201) - @UniFi OS
@stansecure
10 Jun 2026
95 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
🚨 Android just patched 124 security flaws. One of them — CVE-2025-48595 (CVSS 8.4) — may already be seeing limited targeted exploitation. No user interaction required. #Android 14, 15, 16, and 16 QPR2 affected. Read: https://t.co/vH9kudjPnH https://t.co/Cap4uir9WK
@Dontbillme0
9 Jun 2026
24 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
#Android Update Patches Exploited Zero-Day, 123 Other Vulnerabilities. #Google says the Android vulnerability CVE-2025-48595 has been exploited in limited, targeted attacks. - https://t.co/ppz3y41VKY @SecurityWeek
@upgradeoptions
8 Jun 2026
37 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Google patcht 124 Android-Schwachstellen inkl. Zero-Day. CVE-2025-48595 ermöglicht Code-Ausführung auf Android 14+. Sofortiges Update empfohlen. #AndroidSecurity #CVE #PatchNow https://t.co/M0XxgaiI8f
@wall_your_x
8 Jun 2026
0 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
【AndroidとLinuxの既知脆弱性が実悪用、CISAが警告】 CISAが、Android FrameworkのCVE-2025-48595とLinux kernel cgroups v1のCVE-2022-0492について、実悪用を警告しています。 Android側は権限昇格、Linux側はコンテナ環境でのホスト
@01ra66it
7 Jun 2026
198 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Google patched 124 Android flaws this week. CVE-2025-48595 (CVSS 8.4) gives root with no user interaction on Android 14-16 and is actively exploited. CISA's remediation deadline was yesterday. Update MDM policies now. #Google #CVE https://t.co/MtcOCtZNE5
@FpeSre
7 Jun 2026
31 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🔴 #Google #Android, Integer Overflow Privilege Escalation, #CVE-2025-48595 (High) -DC-Jun2026-249 https://t.co/Q5aYgznQMZ
@dailycve
6 Jun 2026
27 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
⚠️ ANDROID ZERO-DAY! Google has patched CVE-2025-48595, a privilege escalation flaw actively exploited in the wild. The fix is in the June 2026 security update, which patches 124 flaws total. Update your Android device NOW! #Android #ZeroDay #CyberSe... 🌐 cyber[.]netsecop
@NetSecIO
6 Jun 2026
42 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Top 5 Trending CVEs: 1 - CVE-2025-48595 2 - CVE-2026-28318 3 - CVE-2026-20245 4 - CVE-2018-17144 5 - CVE-2026-20230 #cve #cvetrends #cveshield #cybersecurity https://t.co/4Fua3CAN6W
@CVEShield
6 Jun 2026
91 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 Critical #Android Zero-Day (#CVE-2025-48595) Allows Silent Device Takeover—Patch Now! + Video https://t.co/3PnhC9HGOV Educational Purposes!
@UndercodeUpdate
6 Jun 2026
47 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CISA KEV deadline hits TODAY: agencies must patch CVE-2025-48595 (Android Framework, CVSS 8.4) and CVE-2022-0492 (Linux cgroups priv-esc). Both actively exploited in targeted attacks. Check your mobile fleet and Linux hosts. #Cybersecurity #InfoSec #CISA
@infrasecserv
5 Jun 2026
7 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Google’s June 2026 Android update patched 124 vulnerabilities. One of them is already being exploited. CVE-2025-48595 is an elevation-of-privilege flaw in the Android Framework affecting Android 14 through 16. Google confirms limited targeted exploitation is already underway.
@ai_dev_official
5 Jun 2026
73 Impressions
3 Retweets
3 Likes
3 Bookmarks
1 Reply
0 Quotes
⚠️ CISA has added Android Framework flaw CVE-2025-48595 to its KEV catalog after confirming active exploitation. The bug allows local privilege escalation, giving attackers system-level access on vulnerable devices. Patch Android devices ASAP. #Android https://t.co/UzOOKtOO
@CyberEdition
5 Jun 2026
46 Impressions
0 Retweets
1 Like
1 Bookmark
0 Replies
0 Quotes
Android security just underwent a high-severity emergency patch cycle. Google’s June 2026 Security Bulletin addresses 124 vulnerabilities, headlined by an actively exploited zero-day (CVE-2025-48595) lurking inside the core Framework component.
@handancorp
5 Jun 2026
56 Impressions
0 Retweets
1 Like
0 Bookmarks
1 Reply
0 Quotes
Google、悪用中の Android ゼロデイ CVE-2025-48595 を修正 https://t.co/AaPiMkaYlc みなさんはふだん、更新通知とどう付き合っていますか。お使いの端末は、いまどのパッチレベルでしょうか。
@innovaTopia_JP
5 Jun 2026
52 Impressions
1 Retweet
1 Like
0 Bookmarks
0 Replies
0 Quotes
【AndroidとLinuxの実悪用脆弱性をCISAがKEV追加】 CISAがAndroid FrameworkのCVE-2025-48595と、Linux kernelのCVE-2022-0492をKnown Exploited Vulnerabilitiesに追加しました。 Android側は権限昇格に関係し、Googleも限定的な標的型悪用の可
@01ra66it
5 Jun 2026
162 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
Here is the rewritten post: Google's June 2026 Android update patched 124 vulnerabilities. One of them is already being exploited. CVE-2025-48595 is an elevation-of-privilege flaw in the Android Framework affecting Android 14 through 16. Google confirms limited targeted https:/
@ai_dev_official
4 Jun 2026
63 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
CVE-2025-48595: Android Zero-Day Exploit Patched by Google https://t.co/iEiLIfpogJ #Cyberupdates #Cybertechnews #Cybersecurity
@TheCyberDef
4 Jun 2026
6 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-48595: Android Zero-Day Exploit Patched by Google https://t.co/3jjOJnYriq #Cyberupdates #Cybertechnews #Cybersecurity
@Vijaykiran0987
4 Jun 2026
36 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Google Patches Actively Exploited Android Flaw (CVE-2025-48595) Affecting Millions of Devices via @SecurityAffairs #Proficio #ThreatNews #Cybersecurity #MSSP #MDR https://t.co/AlbIGJ1asQ
@proficioinc
4 Jun 2026
122 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
Google’s June 2026 Android security update fixes 124 vulnerabilities, including a high-severity flaw (CVE-2025-48595) reportedly under limited active exploitation. Read More: https://t.co/rT1TccqCgM @Google @Android
@spinidg
4 Jun 2026
25 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Google's June 2026 Android update patches 124 flaws including CVE-2025-48595, an integer overflow in the Framework component already under active exploitation. CISA added it to the KEV catalog with... Full analysis on our blog: https://t.co/ZwTJcEPs8b
@FSEvolved
4 Jun 2026
34 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🛡️ CVE-2025-48595 Les patchs de sécurité de juin 2026 pour #Android ont été mis en ligne par #Google 🎯 Au total, ce ne sont pas moins de 124 vulnérabilités corrigées par la firme de Mountain View, dont une faille de #sécurité zero-day. #CVE https://t.co/BXWHw6
@ITConnect_fr
4 Jun 2026
566 Impressions
5 Retweets
4 Likes
0 Bookmarks
0 Replies
0 Quotes
⚠️ CRITICAL: Google June 2026 Android Update Patches 124 Flaws, One Actively Exploited Google patched 124 Android vulnerabilities in June 2026, including CVE-2025-48595, a high-severity privilege escalation flaw (CVSS 8.4) in the Framework component that is actively https:
@lenngrenm
4 Jun 2026
26 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
米当局CISAがAndroid・Linux・Mirasvitの脆弱性3件を「実際に悪用が確認された」カタログに新たに追加。早期対応を要求。 【注意喚起】米CISAがAndroid Framework(CVE-2025-48595)・Linuxカーネル(CVE-2022-0492)等3件を悪用
@hasamayo1217
4 Jun 2026
13 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
‼️ ثغره جديده من فئه zero-day على مستوى اندرويد اتسجل نشاط جديد لثغره اندرويد كان بيتم استخدامها بشكل محدود ومسجله برقم CVE-2025-48595 وبسبب اضافه framework جديد اتكون
@hiddenlockT
4 Jun 2026
94 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
CISA Warns of Android Framework Integer Overflow Vulnerability Exploited in Attacks https://t.co/QMqDiD0yib The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a newly identified Android Framework vulnerability, tracked as CVE-2025-48595, to its Known Ex
@f1tym1
4 Jun 2026
47 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CISA warns of active attacks exploiting Android, Linux bugs .. The most recent flaw the agency added to its Known Exploited Vulnerabilities (KEV) catalog, CVE-2025-48595, is a high-severity integer overflow vulnerability in the Android Framework, which can be leveraged for
@TheRabbitPy
4 Jun 2026
59 Impressions
0 Retweets
1 Like
0 Bookmarks
1 Reply
0 Quotes
米CISA、AndroidとLinuxの脆弱性が悪用されていると警告(CVE-2025-48595、CVE-2022-0492) | Codebook|Security News https://t.co/YRUiYdFcpI
@ohhara_shiojiri
4 Jun 2026
50 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨米CISA、AndroidとLinuxの脆弱性が攻撃で悪用されていると警告(CVE-2025-48595、CVE-2022-0492) ⚠️バグハンターが再びマイクロソフトの脆弱性情報をリーク、同社の脆弱性開示対応に反発 〜サイバーアラート6月
@MachinaRecord
4 Jun 2026
140 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Analyze the critical CVE-2025-48595 Android zero day flaw. Learn how this zero-click privilege escalation bug affects core devices and how to fix it. #AndroidSecurity #CVE202548595 #ZeroDay #MobileSecurity #InfoSec #ThreatIntel #AOSP https://t.co/xlWqC09iAa https://t.co/FvxXsAQP
@the_yellow_fall
4 Jun 2026
519 Impressions
0 Retweets
9 Likes
3 Bookmarks
0 Replies
0 Quotes
🚨 HIGH SEVERITY: CVE-2025-48595 (CVSS 8.4) Integer overflow flaw enables local privilege escalation with code execution. No user interaction required. Affected: Multiple Android components Patch immediately. #CVE #Vulnerability #PatchNow https://t.co/bbN0vazxzW
@DFIR_Lab
4 Jun 2026
28 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
【Android 2026年6月更新、CVE-2025-48595に標的型悪用の可能性】 Androidの2026年6月セキュリティ情報では、複数のCriticalを含む多数の脆弱性が修正されています。GoogleはCVE-2025-48595について、限定的・標的型の悪用を
@01ra66it
3 Jun 2026
307 Impressions
1 Retweet
1 Like
0 Bookmarks
0 Replies
0 Quotes
【AndroidとLinuxの実悪用CVEにCISAが警告】 CISAが、Android FrameworkのCVE-2025-48595とLinux kernelのCVE-2022-0492について、実悪用を踏まえた警告を出しています。 Android側は権限昇格、Linux側はcgroups
@01ra66it
3 Jun 2026
182 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Google's June 2026 Android update patches 124 security flaws - including CVE-2025-48595 (CVSS 8.4), an actively exploited privilege escalation bug. CISA has added it to its KEV catalog. Update your Android device now! Credit: @TheHackersNews Follow @thecyberspec for more cyber
@thecyberspec
3 Jun 2026
3 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
CVE-2025-48595 (CVSS 8.4) Android Framework zero-day under active exploitation fixed in June 2026 bulletin. Integer overflow enables local privilege escalation without user interaction. CISA added to KEV catalog with June 5 deadline. #DFIR_Radar https://t.co/CzduCbd213
@DFIR_Radar
3 Jun 2026
169 Impressions
0 Retweets
1 Like
0 Bookmarks
1 Reply
0 Quotes
🚨Android local zero‑day (CVE-2025-48595) — integer overflow enabling local code exec & privilege escalation. EITW; PoC available. CVSS 8.4. 👉→ https://t.co/Lw3jnw8Wuu https://t.co/RmbAQhKOKP
@rapidriskradar
3 Jun 2026
48 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
⚠️ ANDROID ZERO-DAY! Google has patched CVE-2025-48595, a privilege escalation flaw actively exploited in the wild. The fix is in the June 2026 security update, which patches 124 flaws total. Update your Android device NOW! #Android #ZeroDay #CyberSe... 🌐 cyber[.]netsecop
@NetSecIO
3 Jun 2026
33 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Got an Android fleet? Time to hit update. 📱🚨 Google’s June 2026 patch is live, addressing 124 vulnerabilities—including CVE-2025-48595, a Framework zero-day with targeted exploitation in the wild. 🔹 Local privilege escalation 🔹 Affects Android 14-16 🔹 Now o
@socradar
3 Jun 2026
100 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CISA added active exploitation alerts for CVE-2025-48595 in Android Framework and CVE-2022-0492 in Linux kernel. The Android flaw affects Android 14-16; the Linux bug can enable container escape and root access. #Android #Linux #CISA https://t.co/7H79MzFhKc
@TweetThreatNews
3 Jun 2026
98 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-48595: June 2026 Android Security Update Fixes Framework Zero-Day https://t.co/BXfBmbuJGe CVE-2025-48595: June 2026 Android Security Update Fixes Framework Zero-Day Google’s June 2026 Android Security Bulletin includes a fix for an Android Framework elevation of priv
@f1tym1
3 Jun 2026
31 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Two CVEs hit CISA's KEV today. CVE-2025-48595 is a zero-interaction privilege escalation affecting Android 14-16. CVE-2022-0492 enables container escape to root via Linux cgroups v1. Federal agencies have until June 5 to patch.
@XavierRiveraX
3 Jun 2026
117 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 Android Security Alert: June 2026 Patch Update Google has patched 124 Android vulnerabilities, including CVE-2025-48595, a high-severity flaw actively being exploited. https://t.co/CxoMiGBNPs #CyberSecurity #AndroidSecurity #PatchManagement #InfoSec https://t.co/KGae91Da
@techpio_team
3 Jun 2026
37 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-48595: June 2026 Android Security Update Fixes Framework Zero-Day https://t.co/N9JKLRP9H8 CVE-2025-48595: June 2026 Android Security Update Fixes Framework Zero-Day Introduction to Malware Binary Triage (IMBT) Course Looking to level up your skills? Get 10% off usin
@f1tym1
3 Jun 2026
53 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
📱 Google تُصحّح ثغرة Android تحت الاستغلال — CVE-2025-48595 (CVSS 8.4) ثغرة Integer Overflow في Android Framework تتيح Privilege Escalation دون تفاعل المستخدم. تؤثر على Android 14/15/16. طبّق تصحيح يونيو 2
@azez_alzamil
3 Jun 2026
37 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Google fixes 124 Android flaws, including actively exploited zero-day CVE-2025-48595 that can let local attackers run code and gain higher privileges on Android 14 or later #Google #Android #CVE202548595 #ZeroDay #TechNews https://t.co/WQjirh3LUV
@techpp
3 Jun 2026
97 Impressions
1 Retweet
2 Likes
0 Bookmarks
0 Replies
0 Quotes
В Android исправили 124 уязвимости, включая 0-day под атаками В июньский набор обновлений для Android вошли исправления для 124 уязвимостей. Среди них — уже эксплуа
@XakepRU
3 Jun 2026
362 Impressions
0 Retweets
2 Likes
0 Bookmarks
0 Replies
0 Quotes
[
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:google:android:14.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2700BCC5-634D-4EC6-AB67-5B678D5F951D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:google:android:15.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8538774C-906D-4B03-A3E7-FA7A55E0DA9E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:google:android:16.0:-:*:*:*:*:*:*",
"matchCriteriaId": "02882AB1-7993-47DD-84A0-8DF4272D85ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:google:android:16.0:qpr2_beta_1:*:*:*:*:*:*",
"matchCriteriaId": "FD695F32-4A73-4846-B1A1-04FF266E9C15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:google:android:16.0:qpr2_beta_2:*:*:*:*:*:*",
"matchCriteriaId": "3DE9F018-8704-476B-8D59-F63F8486E231",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:google:android:16.0:qpr2_beta_3:*:*:*:*:*:*",
"matchCriteriaId": "BE95A642-4330-4F65-B028-3BA597D30F32",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
]