Google Patches 107 Android Flaws, Together with Two Framework Bugs Exploited within the Wild

Dec 02, 2025Ravie LakshmananCell Safety / Vulnerability

Google on Monday launched month-to-month safety updates for the Android working system, together with two vulnerabilities that it mentioned have been exploited within the wild.

The patch addresses a complete of 107 safety flaws spanning totally different parts, together with Framework, System, Kernel, in addition to these from Arm, Creativeness Applied sciences, MediaTek, Qualcomm, and Unison.

The 2 high-severity shortcomings which were exploited are listed beneath –

• CVE-2025-48633 – An info disclosure vulnerability in Framework
• CVE-2025-48572 – An elevation of privilege vulnerability in Framework

As is customary, Google has not launched any extra particulars concerning the nature of the assaults, exploiting them, if they’ve been chained collectively or used individually, and the dimensions of such efforts. It isn’t recognized who’s behind the assaults.

Nevertheless, the tech large acknowledged in its advisory that there are indications they “could also be beneath restricted, focused exploitation.”

Additionally fastened by Google as a part of the December 2025 updates is a vital vulnerability within the Framework element (CVE-2025-48631) that would lead to distant denial-of-service (DoS) with no extra execution privileges wanted.

The safety bulletin for December contains two patch ranges, particularly, 2025-12-01 and 2025-12-05, giving system producers flexibility to handle a portion of vulnerabilities which are comparable throughout all Android units extra shortly. Customers are advisable to replace their units to the newest patch degree as quickly because the patches are launched.

The event comes three months after the corporate shipped fixes to remediate two actively exploited flaws within the Linux Kernel (CVE-2025-38352, CVSS rating: 7.4) and Android Runtime (CVE-2025-48543, CVSS rating: 7.4) that would result in native privilege escalation.