Google Patches Android 0-Day Vulnerabilities Exploited in the Wild



Google has released critical security updates to address multiple zero-day vulnerabilities affecting Android devices worldwide.

The December 2025 security bulletin reveals that threat actors are actively exploiting at least two of these vulnerabilities in real-world attacks, prompting urgent action from the tech giant.

Critical Vulnerabilities Under Active Exploitation

The two vulnerabilities confirmed to be under active exploitation are CVE-2025-48633, an information disclosure (ID) issue, and CVE-2025-48572, an elevation of privilege (EoP) issue. Both carry a High severity rating.

These vulnerabilities reside in Android’s Framework component and require immediate attention from device manufacturers and users.

CVE-2025-48633 poses a significant risk by allowing unauthorized disclosure of information on affected versions of Android 13, 14, 15, and 16.

CVE-2025-48572, by contrast, is an elevation of privilege vulnerability that could let an attacker gain elevated access on a vulnerable device.


Aspect               CVE-2025-48572                            CVE-2025-48633
Vulnerability type   Elevation of Privilege (EoP)              Information Disclosure (ID)
Severity rating      High                                      High
Component            Android Framework                         Android Framework
Affected versions    Android 13, 14, 15, 16                    Android 13, 14, 15, 16
Impact               Lets an attacker gain elevated system     Gives an unauthorized party access to
                     privileges without needing additional     sensitive device information and data
                     execution privileges

Most Severe Threat: Remote Denial of Service

While CVE-2025-48633 and CVE-2025-48572 represent the most actively exploited threats, the security bulletin identifies an even more critical vulnerability.

CVE-2025-48631 stands out as the most severe issue in this month’s update, capable of causing remote denial-of-service attacks.

What makes this vulnerability particularly dangerous is that, in the bulletin's terms, no additional execution privileges are needed to exploit it: an attacker does not have to have already gained any foothold or elevated privileges on the device before triggering it.

Google’s security response is comprehensive, addressing over 30 vulnerabilities across multiple Android components.

Security patch levels of December 5, 2025 or later address all of these issues, and Google says the corresponding source code patches will be released to the Android Open Source Project (AOSP) repository within 48 hours of the bulletin's publication.

The Framework component dominates this month's updates, with fixes for privilege escalation flaws (including CVE-2025-22420 and CVE-2025-48525), denial-of-service issues, and information disclosure vulnerabilities affecting Android versions 13 through 16. Google emphasizes that users can significantly reduce their risk by installing the update promptly.

The company has implemented multiple layers of protection through the Android security platform and Google Play Protect, which are enabled by default on devices with Google Mobile Services.

Security experts advise users to install available updates immediately, particularly those using Android 13, 14, 15, or 16.

Device manufacturers received advance notification at least one month before the public bulletin release, allowing them time to prepare patches for their specific devices.

Android device owners should prioritize checking for available security updates in their device settings. Users can verify their current security patch level through their device’s About Phone section.

Immediate installation of updates carrying the December 5, 2025 security patch level is strongly recommended, especially given that two of the fixed vulnerabilities are already being exploited in the wild.
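For fleet administrators or anyone who prefers a command line to the About Phone screen, the installed patch level is exposed by the system property ro.build.version.security_patch, which adb can read. The script below is an added example written for this article, not code from Google or the bulletin; it compares that property against the 2025-12-05 patch level as a plain ISO date string (such strings sort correctly without parsing), and the function and variable names are illustrative choices.

```shell
#!/bin/sh
# Added example: check whether an Android device's security patch level
# already covers the December 5, 2025 bulletin. Not part of the bulletin.

# Patch level named by the December 2025 bulletin.
REQUIRED_PATCH_LEVEL="2025-12-05"

# patch_level_is_current LEVEL [REQUIRED]
#   0  -> LEVEL (YYYY-MM-DD) is on or after REQUIRED
#   1  -> LEVEL is older than REQUIRED (device still needs the update)
#   2  -> LEVEL is empty or not a YYYY-MM-DD string (property unreadable)
patch_level_is_current() {
    level="$1"
    required="${2:-$REQUIRED_PATCH_LEVEL}"
    case "$level" in
        [0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9]) ;;
        *) return 2 ;;
    esac
    # ISO dates compare correctly as strings; take the newer of the two
    # in the C locale and see whether it is the device's own value.
    newest=$(printf '%s\n%s\n' "$level" "$required" | LC_ALL=C sort | tail -n 1)
    [ "$newest" = "$level" ]
}

# device_patch_level: read the property from the connected device over adb.
# Strips the trailing carriage return that adb shell emits on some hosts.
device_patch_level() {
    adb shell getprop ro.build.version.security_patch 2>/dev/null | tr -d '\r\n'
}

# check_connected_device: human-readable verdict for the attached device.
check_connected_device() {
    level=$(device_patch_level)
    rc=0
    patch_level_is_current "$level" || rc=$?
    case "$rc" in
        0) echo "OK: patch level $level covers $REQUIRED_PATCH_LEVEL" ;;
        1) echo "UPDATE NEEDED: patch level $level is older than $REQUIRED_PATCH_LEVEL" ;;
        *) echo "ERROR: could not read ro.build.version.security_patch (got '$level')" ;;
    esac
    return "$rc"
}

# Only touch a device when explicitly asked, so sourcing the file is harmless:
#   CHECK_DEVICE=1 sh check_patch_level.sh
if [ "${CHECK_DEVICE:-0}" = "1" ]; then
    check_connected_device
fi
```

The three-way return value is deliberate: an empty or malformed property usually means adb could not reach a device (or the device is not authorized for debugging), which should be reported as an error rather than silently treated as "out of date".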

Additionally, users should ensure Google Play Protect remains enabled and consider limiting app installation to the official Google Play Store, as the system actively monitors for potentially harmful applications that might exploit these vulnerabilities.

