Today, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) issued a warning regarding two new Android vulnerabilities that are currently being exploited. This information comes just hours after Google published patches for these security flaws.
Active Android Vulnerabilities: CVE-2025-48572 and CVE-2025-48633
Both are rated high severity. CVE-2025-48572 is a privilege escalation (elevation of privilege) flaw, which would let an attacker who already has a foothold on a device obtain privileges beyond those it was granted; CVE-2025-48633 is an information disclosure flaw that could expose sensitive data to an unauthorized party.
Google fixed both in its December Android security bulletin, which addressed 107 vulnerabilities in total. What sets these two apart from the rest of the bulletin is that they were already being exploited before the patches shipped.
In the bulletin, Google noted that there are indications the two vulnerabilities “may be under limited, targeted exploitation.” CISA then added both to its Known Exploited Vulnerabilities (KEV) catalog, which obliges U.S. federal civilian agencies to remediate them by a set due date and signals to everyone else that they should be treated as a priority.
The Importance of Timely Remediation
CISA emphasized the significance of addressing these vulnerabilities promptly due to their frequent exploitation in cyberattacks. “These types of vulnerabilities are a common attack vector for malicious cyber actors and pose significant risks to the federal enterprise,” the agency stated. They strongly urged organizations to prioritize the remediation of KEV Catalog vulnerabilities as part of their cybersecurity strategies to minimize exposure to attacks.
Details are sparse. At the time of writing the CVE Program still lists both identifiers as “reserved,” and neither Google nor CISA has described how the flaws are being exploited or who is being targeted. Until the CVE records are populated, the security patch level string published in the bulletin is the practical way to tell whether a given device carries the fix: a device whose reported patch level predates the bulletin's should be assumed vulnerable.
Additional Vulnerabilities Addressed in December Bulletin
The December Android security bulletin also rated several other issues critical. Among them is CVE-2025-48631, a denial of service flaw that Google says could be triggered remotely with no additional execution privileges required.
Four other critical issues are elevation of privilege (EoP) vulnerabilities in the Android kernel: CVE-2025-48623, CVE-2025-48624, CVE-2025-48637, and CVE-2025-48638.
Two further critical issues sit in Qualcomm’s closed-source components: CVE-2025-47319, an exposure of sensitive system information to an unauthorized control sphere, and CVE-2025-47372, a buffer overflow that could lead to memory corruption.
The two vendors do not agree on the first of these: Google rates CVE-2025-47319 as “Critical,” while Qualcomm assesses it at Medium severity. Both rate CVE-2025-47372 as Critical. More detail on the Qualcomm vulnerabilities can be found in a related article from The Cyber Express.