This week Google issued fixes for 107 total security vulnerabilities, including two zero-day flaws, with the release of its Android Security Bulletin December 2025. The two high-severity bugs, which have been actively exploited in the wild, are CVE-2025-48633, an information disclosure bug, and CVE-2025-48572, an elevation of privilege issue. Another critical bug that was fixed this month is CVE-2025-48631, a denial-of-service (DoS) flaw in the Android Framework.

The two highlighted vulnerabilities affect Android versions 13 through 16. While Google, in typical fashion, has not shared details about any related technical or exploitation issues, it is understood that flaws like these have previously been used by commercial spyware for targeted exploitation and foc
