The Cybersecurity and Infrastructure Security Agency (CISA) has added two critical Android Framework vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog, signaling active exploitation in the wild and prompting immediate action from organizations and device users worldwide.
The vulnerabilities, CVE-2025-48572 and CVE-2025-48633, were officially listed on December 2, 2025, and represent a significant threat to the millions of Android devices in use across enterprise and consumer environments.
CVE-2025-48572 is an Android Framework privilege escalation vulnerability that enables attackers to elevate their access levels on compromised devices.
This type of vulnerability is hazardous because it allows threat actors to bypass security restrictions and gain unauthorized control over sensitive system functions.
Complementing this threat, CVE-2025-48633 represents an information disclosure vulnerability in the Android Framework, potentially exposing confidential user data and system information to malicious actors.
The addition of these vulnerabilities to CISA’s KEV catalog reflects the agency’s commitment to maintaining the authoritative source of actively exploited security vulnerabilities.
The KEV catalog serves as a critical resource for network defenders, security professionals, and organizations seeking to prioritize their vulnerability management efforts effectively.
By tracking real-world exploitation, CISA enables the cybersecurity community to focus remediation resources where they matter most.
For organizations managing Android-based infrastructure or employee devices, the implications are substantial.
Android Zero-Day Vulnerability
CISA has set a due date of December 23, 2025, for remediation, providing a 21-day window for entities to address the vulnerabilities before mandatory compliance requirements take effect.
The agency recommends applying mitigations per vendor instructions as the immediate priority. For those unable to implement patches or mitigations, discontinuing use of affected products may be necessary to prevent compromise.
The threat landscape surrounding Android vulnerabilities continues to evolve as attackers increasingly target the platform’s widespread deployment.
Android devices account for approximately 70% of the global mobile market share, making them attractive targets for threat actors seeking maximum impact.
The combination of privilege escalation and information disclosure vectors creates a compounding threat: attackers can exploit these vulnerabilities in sequence to gain complete system control while exfiltrating sensitive data.
Organizations should integrate these vulnerabilities into their vulnerability management prioritization frameworks immediately.
CISA provides multiple access formats for the KEV catalog, including CSV, JSON, and JSON Schema variants, enabling seamless integration into security tools and platforms.
This accessibility ensures that even organizations with limited resources can leverage CISA’s intelligence to improve their security posture.
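One way to put the JSON format to work for prioritization, shown as an added example that is not from the article or from CISA: it joins KEV entries against open findings and ranks them by days left to the due date. The `cveID` and `dueDate` field names follow the KEV JSON feed; the embedded excerpt, asset names and findings list are constructed sample data.

```python
import json
from datetime import date

# Constructed excerpt in the KEV JSON feed's layout; only the CVE IDs and the
# two dates come from the article, the other values are sample data.
KEV_SAMPLE = """
{
  "vulnerabilities": [
    {"cveID": "CVE-2025-48572", "vendorProject": "Android", "product": "Framework",
     "dateAdded": "2025-12-02", "dueDate": "2025-12-23"},
    {"cveID": "CVE-2025-48633", "vendorProject": "Android", "product": "Framework",
     "dateAdded": "2025-12-02", "dueDate": "2025-12-23"}
  ]
}
"""

# Constructed scanner/MDM findings: (asset, CVE) pairs that are still open.
OPEN_FINDINGS = [
    ("tablet-017", "CVE-2025-48572"),
    ("phone-204", "CVE-2025-48633"),
    ("phone-204", "CVE-0000-00000"),  # placeholder ID that is not in KEV
]


def load_kev(raw):
    """Index KEV entries by CVE ID, parsing dueDate into a date object."""
    index = {}
    for entry in json.loads(raw)["vulnerabilities"]:
        index[entry["cveID"].upper()] = date.fromisoformat(entry["dueDate"])
    return index


def prioritize(findings, kev, today):
    """Return KEV-listed findings as (days_left, asset, cve, status), most urgent first."""
    rows = []
    for asset, cve in findings:
        due = kev.get(cve.upper())
        if due is None:
            continue  # not known-exploited; handled under the normal patch SLA
        days_left = (due - today).days
        status = "OVERDUE" if days_left < 0 else "DUE"
        rows.append((days_left, asset, cve, status))
    return sorted(rows)


if __name__ == "__main__":
    for row in prioritize(OPEN_FINDINGS, load_kev(KEV_SAMPLE), date(2025, 12, 10)):
        print(row)
```
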
Recommendations
The addition of these Android vulnerabilities reflects broader patterns in the threat landscape, where mobile platforms increasingly become vectors for sophisticated attacks.
Enterprise organizations should ensure that Mobile Device Management (MDM) solutions are configured to enforce timely patching and that employees are notified of the importance of accepting security updates promptly.
As remediation timelines approach, organizations are encouraged to reference CISA’s advisory guidance and establish clear patching schedules.
The KEV catalog, updated continuously as new exploited vulnerabilities emerge, remains an essential tool for defenders seeking to stay ahead of active threat activity.
