Google fixes one actively exploited Android zero-day, 124 flaws
The Discovery of a Zero-Day Flaw
Google’s June 2026 Android security patches address 124 vulnerabilities. One of them, CVE-2025-48595, is a high-severity zero-day flaw in the Android Framework component, and Google says there are indications it may be under limited, targeted exploitation. That is why updating to the latest version of Android is crucial: newer versions include hardening that makes exploitation of many issues more difficult.
Under the Hood of CVE-2025-48595
CVE-2025-48595 is an elevation-of-privilege flaw in the Android Framework component that affects devices running Android 14 or later. If successfully exploited, it could allow an attacker to gain code execution and escalate privileges on an affected device. Its use in targeted attacks continues the trend of attacks against mobile devices, including those running the newest versions of Android. Devices running Android 14, 15, 16 and 16 QPR2 are affected, and high-profile or high-interest individuals are the ones particularly targeted.
This vulnerability is part of a broader trend: commercial spyware campaigns and nation-state operations have used similar vulnerabilities to compromise high-profile targets. Active exploitation of this Android zero-day shows that even the latest versions of the operating system are not immune, which has significant implications for the mobile ecosystem: vulnerabilities can be found and exploited regardless of the OS version. Google first mentioned indications of limited, targeted exploitation of CVE-2025-48595 in its Android Security Bulletin in March 2025, and the flaw was exploited in targeted attacks before June 2026. Google’s release of the June 2026 Android security patches is therefore crucial to mitigating it, and users should update to the latest version of Android as soon as possible.
For Defenders
Protecting against this vulnerability requires immediate action. Users should update to the latest version of Android and apply the June 2026 Android security patches; devices should be running Android 14 or later with the latest security updates installed. Disabling unnecessary features and apps also helps reduce the attack surface. The most severe issue in the bulletin is a critical security vulnerability in the Framework component that could lead to remote escalation of privilege with no additional execution privileges needed, and user interaction is not required for exploitation. Taking action now is therefore essential.
Sources
- https://www.cve.org/CVERecord?id=CVE-2025-48595
- https://www.cve.org/CVERecord?id=CVE-2025-65018
- https://nvd.nist.gov/vuln/detail/CVE-2025-48595
- https://nvd.nist.gov/vuln/detail/CVE-2025-48633
- https://nvd.nist.gov/vuln/detail/CVE-2025-48572
- https://nvd.nist.gov/vuln/detail/CVE-2026-21385
- https://nvd.nist.gov/vuln/detail/CVE-2025-65018