Google fixes Android vulnerabilities “under targeted exploitation” (CVE-2025-48633, CVE-2025-48572)

Google has shipped patches for 51 Android vulnerabilities, including two high-severity flaws (CVE-2025-48633, CVE-2025-48572) that “may be under limited, targeted exploitation”.

According to the December Android security bulletin, both vulnerabilities affect the Android Framework, which is a collection of core software components, libraries, and APIs that developers use to build Android apps.

Their exact nature has yet to be revealed, but the bulletin notes that CVE-2025-48633 can be exploited by Android applications to access sensitive information, and CVE-2025-48572 may allow attackers to elevate privileges on vulnerable Android devices.

As per usual, details about the attacks are kept under wraps, but the wording seems to point to state-sponsored attackers and/or espionage via spyware.

The bulletin lists an additional 56 flaws affecting Android’s kernel and components from ARM, Imagination Technologies, MediaTek, Unisoc and Qualcomm. Patches for those will be included in the December 5 “patch level” (2025-12-05).

(Google ships two security patch levels “so that Android partners have the flexibility to fix a subset of vulnerabilities that are similar across all Android devices more quickly.”)

The December 1 patches (2025-12-01) are available for Android 13, 14, 15, and 16.
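
For administrators who need to see where devices stand against the two patch levels described above, the following added example (not from Google's bulletin or the original article) classifies a declared patch level string. It assumes the value comes from the standard ro.build.version.security_patch property; the device names in the sample inventory are hypothetical, and the script reports only the declared level, not whether an individual CVE fix is present.

```shell
#!/bin/sh
# Added example (not from the bulletin): map a declared Android security
# patch level onto the two December 2025 levels named in the article.

# Prints: invalid | before-2025-12-01 | 2025-12-01 | 2025-12-05-or-later
classify_patch_level() {
    case "$1" in
        [0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9]) ;;
        *) echo invalid; return 0 ;;
    esac
    n=$(printf '%s' "$1" | tr -d '-')   # 2025-12-01 -> 20251201
    if [ "$n" -lt 20251201 ]; then
        echo before-2025-12-01
    elif [ "$n" -lt 20251205 ]; then
        echo 2025-12-01
    else
        echo 2025-12-05-or-later
    fi
}

# Read the declared level from one attached device over adb.
device_patch_level() {
    adb -s "$1" shell getprop ro.build.version.security_patch | tr -d '\r'
}

# Read "<device-id> <patch-level>" lines on stdin, print "<device-id> <status>".
audit_inventory() {
    while read -r id level; do
        [ -n "$id" ] || continue
        echo "$id $(classify_patch_level "$level")"
    done
}

# Constructed sample inventory; device names are hypothetical.
audit_inventory <<'EOF'
tablet-01 2025-11-05
phone-02 2025-12-01
phone-03 2025-12-05
kiosk-04 unknown
EOF
```

A device reporting 2025-12-01 declares the Framework fixes but not the kernel and vendor component fixes that belong to the 2025-12-05 level.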

Security updates for Android-based devices

Vendors of Android-powered devices usually get a month or so to develop security updates, so they may ship them around the same time Google publishes its monthly Android security bulletin.

Samsung has pushed out a maintenance release for major flagship models that includes patches from both Google and Samsung, including the one for CVE-2025-48633.

Motorola has likewise patched only CVE-2025-48633 this December.

Huawei, LGE, Nokia, Oppo, and others are expected to release patches soon.

Android users are advised to check for updates and install them if they are available.
