CVE-2025-48633

Published Dec 8, 2025

Last updated 2 months ago

CVSS medium 5.5

Overview

AI description

Automated description summarized from trusted sources.

CVE-2025-48633 is an information disclosure vulnerability affecting the Android Framework component in Android versions 13 through 16. It is one of two zero-day vulnerabilities that Google addressed in its December 2025 Android Security Bulletin. The vulnerability could allow attackers to access sensitive information without elevated privileges, potentially exposing user data. There are indications that it may be under limited, targeted exploitation. Google has released security patches to address the vulnerability.

Description
In hasAccountsOnAnyUser of DevicePolicyManagerService.java, there is a possible way to add a Device Owner after provisioning due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Source
security@android.com
NVD status
Analyzed
Products
android

Risk scores

CVSS 3.1

Type
Primary
Base score
5.5
Impact score
3.6
Exploitability score
1.8
Vector string
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Severity
MEDIUM

Weaknesses

nvd@nist.gov
NVD-CWE-noinfo

Social media

Hype score
Not currently trending

  1. NCERT has issued an advisory about Zero-day attack exploitation on Android devices. These vulnerabilities are majorly deployed to tie surveillance and spyware operations. Includes following: CVE-2025-48633 CVE-2025-48572 CVE-2025-48631 Update ur phones to latest security patch.

    @notsocoolusman

    23 Jan 2026

    37 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  2. Breaking: New zero-day flaws in Android Framework (CVE-2025-48572 & CVE-2025-48633) are already exploited in the wild millions of devices exposed. Users urged to update immediately. #CyberSecurity #ZeroDay #Android https://t.co/fGFmxkSxnt

    @zaxenite

    10 Dec 2025

    1 Impression

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  3. 🔴 #Android, Escalation of Privilege, #CVE-2025-48633 (Critical) https://t.co/KjmurVeCYk

    @dailycve

    9 Dec 2025

    21 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  4. Android’de Kritik Güvenlik Açıkları! Google, Aralık 2025 güvenlik bülteninde CVE-2025-48572 ve CVE-2025-48633 kodlu iki ciddi zafiyeti duyurdu. Bu açıklar, yetki yükseltme ve bilgi sızdırma zafiyetlerini içeriyor — ve aktif olarak istismar ediliyor! https://t.co/

    @KamCyberTR

    8 Dec 2025

    35 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  5. تحذير عاجل لمستخدمي #أندرويد! اكتشف خبراء غوغل 107 ثغرات خطيرة تؤثر على جميع الإصدارات من أندرويد-13 وحتى أندرويد-16. أبرزها: CVE-2025-48633 وCVE-2025-48572 المصنفتان كخط

    @EanLibya

    7 Dec 2025

    299 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  6. What they do: CVE-2025-48633 leaks sensitive info (like your files or location data). CVE-2025-48572 lets bad apps escalate to system-level access. Chained together? Full phone takeover without you noticing.

    @SecureTalks

    6 Dec 2025

    54 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  7. Android alert: Google just patched TWO zero-day flaws being exploited RIGHT NOW in targeted attacks. CVE-2025-48633 (info leak) + CVE-2025-48572 (privilege escalation). They hit Android 13-16 could let hackers steal data or take full control. If you're on an older phone

    @SecureTalks

    6 Dec 2025

    63 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  8. Google's Dec Android update fixes 107 security flaws—including 2 zero-days (CVE-2025-48633, CVE-2025-48572) being actively exploited. Also patched: critical kernel, chipset vulnerabilities. Details via @cyberscoopnews

    @K3rruption

    5 Dec 2025

    0 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  9. Google's December Android update just patched two zero-day exploits that might've been hitting devices. As devs, updates are key, but it's wild how fast threats evolve. If you're on Android 13-16, update ASAP. → CVE-2025-48633 (info disclosure) & CVE-2025-48572. https://t.c

    @AbdurRehman0601

    5 Dec 2025

    51 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  10. Androidで重大な脆弱性と2件のゼロデイ- 12月セキュリティパッチで緊急修正(CVE-2025-48631,CVE-2025-48633,CVE-2025-48572) https://t.co/CjVBuo8h97 #セキュリティ対策Lab #セキュリティ #Security

    @securityLab_jp

    4 Dec 2025

    6 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  11. Google Patches Actively Exploited Android Security Flaws https://t.co/cbK5rupwyr #cve-2025-48572 #cve-2025-48633

    @wizconsults

    3 Dec 2025

    34 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  12. 🚨Upozorňujeme na aktivně zneužívané zranitelnosti v Android Framework, CVE-2025-48633 a CVE-2025-48572. Zranitelnost CVE-2025-48633 umožňuje útočníkovi získat citlivá data z prostředí systému. CVE-2025-48572 umožňuje získání vyšších oprávnění v systé

    @GOVCERT_CZ

    3 Dec 2025

    766 Impressions

    2 Retweets

    5 Likes

    1 Bookmark

    0 Replies

    0 Quotes

  13. 🛡️ @Google December Android update fixes 107 vulnerabilities, including 2 Framework bugs already exploited in the wild. • CVE-2025-48633 – info disclosure • CVE-2025-48572 – privilege escalation • + a critical DoS flaw: CVE-2025-48631 Have you updated your devices

    @TechNadu

    3 Dec 2025

    82 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  14. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added two high-severity Android vulnerabilities—CVE-2025-48572 (a privilege escalation flaw) and CVE-2025-48633 (an information disclosure issue)—to its Known Exploited Vulnerabilities (KEV) catalog, shortly

    @MatrixBlank

    3 Dec 2025

    78 Impressions

    1 Retweet

    0 Likes

    1 Bookmark

    0 Replies

    0 Quotes

  15. 🚨 Google’s Android December 2025 security update fixes 107 flaws, including 2 Framework zero-days (CVE-2025-48572 & CVE-2025-48633) already exploited in the wild + added to CISA KEV. Breakdown, impact & patch guidance 👇 https://t.co/NjswM5N5v9 #Android #CyberSecur

    @vulert_official

    3 Dec 2025

    1 Impression

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  16. Uyarı: CVE-2025-48633 ve CVE-2025-48572 hâlihazırda aktif olarak istismar ediliyor — Google işaret etmişti, şimdi ABD siber ajansı da doğruladı. Sistemlerinizi yamaladınız mı? #PatchYourSystems https://t.co/wYzxQpeHFI

    @Siber_Kalkan_

    3 Dec 2025

    52 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  17. Active exploits confirmed: CISA verifies active exploitation of CVE-2025-48633 and CVE-2025-48572 — patch now, monitor logs, and tighten access controls. Are your systems covered? #Explotación_Activa_CVE2025_48633_48572 https://t.co/zWOTtYJDab

    @CyberDailyPost

    3 Dec 2025

    56 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  18. Подтверждено: активная эксплуатация уязвимостей CVE-2025-48633 и CVE-2025-48572 — Google отмечал «признаки», теперь это подтвердило американское киберведомство. Как р

    @cybereye_ru

    3 Dec 2025

    51 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  19. تحذير: استغلال نشط لثغرتَي CVE-2025-48633 وCVE-2025-48572 مؤكَّد — جوجل رصدت إشارات والوكالة الأمريكية للأمن السيبراني أكدتها. هل طبقت التصحيحات وتحققت من سجلاتك؟ #Patc

    @Cybereayn

    3 Dec 2025

    57 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  20. ئاگاداریەکی گرنگ: CVE-2025-48633 و CVE-2025-48572 بە شێوەی چالاک هێرش دەکرێن. گووگڵ نیشانەکان ڕاگەیاند و ئێستا ئەژانسەی سایبەری ئەمریکا پشتڕاستیان کرد. تۆ چی دەکەیت؟ #

    @CaveSiberKurdi

    3 Dec 2025

    46 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  21. 米国CISAが悪用を確認した脆弱性 #KEV をカタログに追加しました。(12/2追加) 🛡️No.1467 CVE-2025-48572 Android Framework Privilege Escalation Vulnerability ============= 種別:特権昇格(Android Security Team) 深刻度:重要 🛡️N

    @piyokango

    3 Dec 2025

    4271 Impressions

    2 Retweets

    10 Likes

    1 Bookmark

    0 Replies

    0 Quotes

  22. CISA has added two vulnerabilities to the KEV Catalog: CVE-2025-48633: Android Framework Information Disclosure Vulnerability CVE-2025-48572: Android Framework Privilege Escalation Vulnerability https://t.co/9idGUAHIKd

    @DarkWebInformer

    2 Dec 2025

    3378 Impressions

    3 Retweets

    20 Likes

    3 Bookmarks

    1 Reply

    1 Quote

  23. Google patched 107 Android vulnerabilities this month, including two actively exploited zero-days (CVE-2025-48633 & CVE-2025-48572) enabling privilege escalation and data access. #AndroidSecurity #ZeroDay #UnitedStates https://t.co/bbz3Dh8NHm

    @TweetThreatNews

    2 Dec 2025

    161 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  24. 🛡️ We added Android framework vulnerabilities CVE-2025-48572 & CVE-2025-48633 to our Known Exploited Vulnerabilities Catalog. Visit https://t.co/myxOwap1Tf & apply mitigations to protect your org from cyberattacks. #Cybersecurity #InfoSec https://t.co/shAU5gIzHa

    @CISACyber

    2 Dec 2025

    5974 Impressions

    17 Retweets

    44 Likes

    0 Bookmarks

    4 Replies

    0 Quotes

  25. Google patched 107 Android security flaws, including 2 (CVE-2025-48633 and CVE-2025-48572) critical ones confirmed to be actively exploited in the wild. Users are recommended to update their devices to the latest patch level as soon as the patches are released. https://t.co/isnK

    @pixeluibygoogle

    2 Dec 2025

    4008 Impressions

    8 Retweets

    127 Likes

    8 Bookmarks

    1 Reply

    1 Quote

  26. گوگل ۲ آسیب پذیری با کدهای شناسایی CVE-2025-48633 از نوع افشای اطلاعات و CVE-2025-48572 از نوع privilege escalation را پچ‌ نمود.سیستم عامل های اندروید نسخه های ۱۳ تا ۱۶ دارای این

    @EthicalSafe

    2 Dec 2025

    44 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  27. Google fixes Android vulnerabilities “under targeted exploitation” (CVE-2025-48633, CVE-2025-48572) https://t.co/gOt5gR03x6 #HelpNetSecurity #Cybersecurity https://t.co/V0w6XPXkov

    @PoseidonTPA

    2 Dec 2025

    46 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  28. Your Android is vulnerable right now. Google just confirmed two active zero-day exploits are being used in "targeted attacks" against users. CVE-2025-48633 (steals your info). CVE-2025-48572 (gives hackers control). 107 total flaws patched in the December update. If you're h

    @AIRevSpot

    2 Dec 2025

    101 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  29. Security updates for Android have addressed 107 security flaws, including 2 High severity CVE's. CVE-2025-48572, a privilege escalation vulnerability, and CVE-2025-48633, an information disclosure vulnerability. Both of these vulnerabilities have had limited exploitation in the

    @Rastguyan_

    2 Dec 2025

    44 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  30. #Google fixes #Android vulnerabilities “under targeted exploitation” (CVE-2025-48633, CVE-2025-48572) https://t.co/hXfeVVhyFY https://t.co/uh2abVzJCD

    @evanderburg

    2 Dec 2025

    77 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  31. Urgent sécurité Android: deux zero-days (CVE-2025-48633, CVE-2025-48572) exploités touchent Android 13–16. MAJ 2025-12-01/12-05 corrige 107 failles. Vous avez mis à jour ? #MiseAJourAndroid https://t.co/J1mEXkizqA

    @CyberSentinelle

    2 Dec 2025

    47 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  32. Vulnerability Alert — Android December 2025 Google patched 107 Android flaws, including two Framework vulnerabilities (CVE-2025-48633, CVE-2025-48572) exploited in the wild and a critical DoS issue (CVE-2025-48631). Google notes signs of limited, targeted exploitation. https:/

    @CloneSystemsInc

    2 Dec 2025

    69 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  33. The zero-days, identified as CVE-2025-48633 and CVE-2025-48572, affect the platform’s Framework component and could be exploited for information disclosure or privilege escalation. Users are urged to update immediately. #cybersecurity https://t.co/ovMmsq67EX

    @GuardingPearSof

    2 Dec 2025

    82 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  34. Android Security Bulletin - December 2025 https://t.co/qNgpMJTWFx 7 crits, CVE-2025-48633 & CVE-2025-48572 exploited ITW

    @xvonfers

    2 Dec 2025

    3860 Impressions

    3 Retweets

    31 Likes

    18 Bookmarks

    0 Replies

    0 Quotes

  35. 🔐 تحديث أمان جديد من #Google يعالج 107 ثغرة في Android، بينها ثغرتان صفرية تم استغلالها فعلًا ⚠️ 🛡️ أخطرها: • CVE-2025-48633 → تسريب معلومات • CVE-2025-48572 → رفع صلاحيات

    @Infoandtech3

    2 Dec 2025

    70 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  36. ⚠️ Google just fixed 107 security flaws in Android — including two that hackers already used in real attacks. The exploited bugs (CVE-2025-48633 & CVE-2025-48572) affect the Android Framework and could expose data or give attackers higher access. Read: https://t.co/n8

    @TheHackersNews

    2 Dec 2025

    15009 Impressions

    69 Retweets

    178 Likes

    27 Bookmarks

    0 Replies

    1 Quote

Configurations

References

Sources include official advisories and independent security research.