- Description
- In hasAccountsOnAnyUser of DevicePolicyManagerService.java, there is a possible way to add a Device Owner after provisioning due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
- Source
- security@android.com
- NVD status
- Analyzed
- Products
- android
CVSS 3.1
- Type
- Primary
- Base score
- 5.5
- Impact score
- 3.6
- Exploitability score
- 1.8
- Vector string
- CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
- Severity
- MEDIUM
- Hype score
- Not currently trending
NCERT has issued an advisory about Zero-day attack exploitation on Android devices. These vulnerabilities are majorly deployed to tie surveillance and spyware operations. Includes following: CVE-2025-48633 CVE-2025-48572 CVE-2025-48631 Update ur phones to latest security patch.
@notsocoolusman
23 Jan 2026
37 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Breaking: New zero-day flaws in Android Framework (CVE-2025-48572 & CVE-2025-48633) are already exploited in the wild millions of devices exposed. Users urged to update immediately. #CyberSecurity #ZeroDay #Android https://t.co/fGFmxkSxnt
@zaxenite
10 Dec 2025
1 Impression
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
🔴 #Android, Escalation of Privilege, #CVE-2025-48633 (Critical) https://t.co/KjmurVeCYk
@dailycve
9 Dec 2025
21 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Android’de Kritik Güvenlik Açıkları! Google, Aralık 2025 güvenlik bülteninde CVE-2025-48572 ve CVE-2025-48633 kodlu iki ciddi zafiyeti duyurdu. Bu açıklar, yetki yükseltme ve bilgi sızdırma zafiyetlerini içeriyor — ve aktif olarak istismar ediliyor! https://t.co/
@KamCyberTR
8 Dec 2025
35 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
تحذير عاجل لمستخدمي #أندرويد! اكتشف خبراء غوغل 107 ثغرات خطيرة تؤثر على جميع الإصدارات من أندرويد-13 وحتى أندرويد-16. أبرزها: CVE-2025-48633 وCVE-2025-48572 المصنفتان كخط
@EanLibya
7 Dec 2025
299 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
What they do: CVE-2025-48633 leaks sensitive info (like your files or location data). CVE-2025-48572 lets bad apps escalate to system-level access. Chained together? Full phone takeover without you noticing.
@SecureTalks
6 Dec 2025
54 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Android alert: Google just patched TWO zero-day flaws being exploited RIGHT NOW in targeted attacks. CVE-2025-48633 (info leak) + CVE-2025-48572 (privilege escalation). They hit Android 13-16 could let hackers steal data or take full control. If you're on an older phone
@SecureTalks
6 Dec 2025
63 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Google's Dec Android update fixes 107 security flaws—including 2 zero-days (CVE-2025-48633, CVE-2025-48572) being actively exploited. Also patched: critical kernel, chipset vulnerabilities. Details via @cyberscoopnews
@K3rruption
5 Dec 2025
0 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Google's December Android update just patched two zero-day exploits that might've been hitting devices. As devs, updates are key, but it's wild how fast threats evolve. If you're on Android 13-16, update ASAP. → CVE-2025-48633 (info disclosure) & CVE-2025-48572. https://t.c
@AbdurRehman0601
5 Dec 2025
51 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Androidで重大な脆弱性と2件のゼロデイ- 12月セキュリティパッチで緊急修正(CVE-2025-48631,CVE-2025-48633,CVE-2025-48572) https://t.co/CjVBuo8h97 #セキュリティ対策Lab #セキュリティ #Security
@securityLab_jp
4 Dec 2025
6 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Google Patches Actively Exploited Android Security Flaws https://t.co/cbK5rupwyr #cve-2025-48572 #cve-2025-48633
@wizconsults
3 Dec 2025
34 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨Upozorňujeme na aktivně zneužívané zranitelnosti v Android Framework, CVE-2025-48633 a CVE-2025-48572. Zranitelnost CVE-2025-48633 umožňuje útočníkovi získat citlivá data z prostředí systému. CVE-2025-48572 umožňuje získání vyšších oprávnění v systé
@GOVCERT_CZ
3 Dec 2025
766 Impressions
2 Retweets
5 Likes
1 Bookmark
0 Replies
0 Quotes
🛡️ @Google December Android update fixes 107 vulnerabilities, including 2 Framework bugs already exploited in the wild. • CVE-2025-48633 – info disclosure • CVE-2025-48572 – privilege escalation • + a critical DoS flaw: CVE-2025-48631 Have you updated your devices
@TechNadu
3 Dec 2025
82 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added two high-severity Android vulnerabilities—CVE-2025-48572 (a privilege escalation flaw) and CVE-2025-48633 (an information disclosure issue)—to its Known Exploited Vulnerabilities (KEV) catalog, shortly
@MatrixBlank
3 Dec 2025
78 Impressions
1 Retweet
0 Likes
1 Bookmark
0 Replies
0 Quotes
🚨 Google’s Android December 2025 security update fixes 107 flaws, including 2 Framework zero-days (CVE-2025-48572 & CVE-2025-48633) already exploited in the wild + added to CISA KEV. Breakdown, impact & patch guidance 👇 https://t.co/NjswM5N5v9 #Android #CyberSecur
@vulert_official
3 Dec 2025
1 Impression
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Uyarı: CVE-2025-48633 ve CVE-2025-48572 hâlihazırda aktif olarak istismar ediliyor — Google işaret etmişti, şimdi ABD siber ajansı da doğruladı. Sistemlerinizi yamaladınız mı? #PatchYourSystems https://t.co/wYzxQpeHFI
@Siber_Kalkan_
3 Dec 2025
52 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Active exploits confirmed: CISA verifies active exploitation of CVE-2025-48633 and CVE-2025-48572 — patch now, monitor logs, and tighten access controls. Are your systems covered? #Explotación_Activa_CVE2025_48633_48572 https://t.co/zWOTtYJDab
@CyberDailyPost
3 Dec 2025
56 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Подтверждено: активная эксплуатация уязвимостей CVE-2025-48633 и CVE-2025-48572 — Google отмечал «признаки», теперь это подтвердило американское киберведомство. Как р
@cybereye_ru
3 Dec 2025
51 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
تحذير: استغلال نشط لثغرتَي CVE-2025-48633 وCVE-2025-48572 مؤكَّد — جوجل رصدت إشارات والوكالة الأمريكية للأمن السيبراني أكدتها. هل طبقت التصحيحات وتحققت من سجلاتك؟ #Patc
@Cybereayn
3 Dec 2025
57 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
ئاگاداریەکی گرنگ: CVE-2025-48633 و CVE-2025-48572 بە شێوەی چالاک هێرش دەکرێن. گووگڵ نیشانەکان ڕاگەیاند و ئێستا ئەژانسەی سایبەری ئەمریکا پشتڕاستیان کرد. تۆ چی دەکەیت؟ #
@CaveSiberKurdi
3 Dec 2025
46 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
米国CISAが悪用を確認した脆弱性 #KEV をカタログに追加しました。(12/2追加) 🛡️No.1467 CVE-2025-48572 Android Framework Privilege Escalation Vulnerability ============= 種別:特権昇格(Android Security Team) 深刻度:重要 🛡️N
@piyokango
3 Dec 2025
4271 Impressions
2 Retweets
10 Likes
1 Bookmark
0 Replies
0 Quotes
CISA has added two vulnerabilities to the KEV Catalog: CVE-2025-48633: Android Framework Information Disclosure Vulnerability CVE-2025-48572: Android Framework Privilege Escalation Vulnerability https://t.co/9idGUAHIKd
@DarkWebInformer
2 Dec 2025
3378 Impressions
3 Retweets
20 Likes
3 Bookmarks
1 Reply
1 Quote
Google patched 107 Android vulnerabilities this month, including two actively exploited zero-days (CVE-2025-48633 & CVE-2025-48572) enabling privilege escalation and data access. #AndroidSecurity #ZeroDay #UnitedStates https://t.co/bbz3Dh8NHm
@TweetThreatNews
2 Dec 2025
161 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🛡️ We added Android framework vulnerabilities CVE-2025-48572 & CVE-2025-48633 to our Known Exploited Vulnerabilities Catalog. Visit https://t.co/myxOwap1Tf & apply mitigations to protect your org from cyberattacks. #Cybersecurity #InfoSec https://t.co/shAU5gIzHa
@CISACyber
2 Dec 2025
5974 Impressions
17 Retweets
44 Likes
0 Bookmarks
4 Replies
0 Quotes
Google patched 107 Android security flaws, including 2 (CVE-2025-48633 and CVE-2025-48572) critical ones confirmed to be actively exploited in the wild. Users are recommended to update their devices to the latest patch level as soon as the patches are released. https://t.co/isnK
@pixeluibygoogle
2 Dec 2025
4008 Impressions
8 Retweets
127 Likes
8 Bookmarks
1 Reply
1 Quote
گوگل ۲ آسیب پذیری با کدهای شناسایی CVE-2025-48633 از نوع افشای اطلاعات و CVE-2025-48572 از نوع privilege escalation را پچ نمود.سیستم عامل های اندروید نسخه های ۱۳ تا ۱۶ دارای این
@EthicalSafe
2 Dec 2025
44 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Google fixes Android vulnerabilities “under targeted exploitation” (CVE-2025-48633, CVE-2025-48572) https://t.co/gOt5gR03x6 #HelpNetSecurity #Cybersecurity https://t.co/V0w6XPXkov
@PoseidonTPA
2 Dec 2025
46 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Your Android is vulnerable right now. Google just confirmed two active zero-day exploits are being used in "targeted attacks" against users. CVE-2025-48633 (steals your info). CVE-2025-48572 (gives hackers control). 107 total flaws patched in the December update. If you're h
@AIRevSpot
2 Dec 2025
101 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Security updates for Android have addressed 107 security flaws, including 2 High severity CVE's. CVE-2025-48572, a privilege escalation vulnerability, and CVE-2025-48633, an information disclosure vulnerability. Both of these vulnerabilities have had limited exploitation in the
@Rastguyan_
2 Dec 2025
44 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
#Google fixes #Android vulnerabilities “under targeted exploitation” (CVE-2025-48633, CVE-2025-48572) https://t.co/hXfeVVhyFY https://t.co/uh2abVzJCD
@evanderburg
2 Dec 2025
77 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Urgent sécurité Android: deux zero-days (CVE-2025-48633, CVE-2025-48572) exploités touchent Android 13–16. MAJ 2025-12-01/12-05 corrige 107 failles. Vous avez mis à jour ? #MiseAJourAndroid https://t.co/J1mEXkizqA
@CyberSentinelle
2 Dec 2025
47 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Vulnerability Alert — Android December 2025 Google patched 107 Android flaws, including two Framework vulnerabilities (CVE-2025-48633, CVE-2025-48572) exploited in the wild and a critical DoS issue (CVE-2025-48631). Google notes signs of limited, targeted exploitation. https:/
@CloneSystemsInc
2 Dec 2025
69 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
The zero-days, identified as CVE-2025-48633 and CVE-2025-48572, affect the platform’s Framework component and could be exploited for information disclosure or privilege escalation. Users are urged to update immediately. #cybersecurity https://t.co/ovMmsq67EX
@GuardingPearSof
2 Dec 2025
82 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Android Security Bulletin - December 2025 https://t.co/qNgpMJTWFx 7 crits, CVE-2025-48633 & CVE-2025-48572 exploited ITW
@xvonfers
2 Dec 2025
3860 Impressions
3 Retweets
31 Likes
18 Bookmarks
0 Replies
0 Quotes
🔐 تحديث أمان جديد من #Google يعالج 107 ثغرة في Android، بينها ثغرتان صفرية تم استغلالها فعلًا ⚠️ 🛡️ أخطرها: • CVE-2025-48633 → تسريب معلومات • CVE-2025-48572 → رفع صلاحيات
@Infoandtech3
2 Dec 2025
70 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
⚠️ Google just fixed 107 security flaws in Android — including two that hackers already used in real attacks. The exploited bugs (CVE-2025-48633 & CVE-2025-48572) affect the Android Framework and could expose data or give attackers higher access. Read: https://t.co/n8
@TheHackersNews
2 Dec 2025
15009 Impressions
69 Retweets
178 Likes
27 Bookmarks
0 Replies
1 Quote
[
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*",
"matchCriteriaId": "879FFD0C-9B38-4CAA-B057-1086D794D469",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:google:android:14.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2700BCC5-634D-4EC6-AB67-5B678D5F951D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:google:android:15.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8538774C-906D-4B03-A3E7-FA7A55E0DA9E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:google:android:16.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2D49E611-5D53-479D-A981-42388FDC0E8D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
]