
Google Patches Android Zero-Day CVE-2025-48595 Exploited in Targeted Attacks

· 2 min read · SecurityXP Editorial Team

The Discovery of a Critical Flaw

Google’s June 2026 Android security updates fixed 124 vulnerabilities. One of them, CVE-2025-48595, stands out: it carries a CVSS score of 8.4, affects devices running Android 14, 15, 16, and Android 16 QPR2, and Google has confirmed that it is being exploited in limited, targeted attacks. The issue stems from an integer overflow that can lead to code execution and privilege escalation on a vulnerable device.

The impact should not be underestimated: devices running the affected Android versions are exposed to targeted exploitation that could give an attacker full control of the device.

Under the Hood of CVE-2025-48595

CVE-2025-48595 is a high-severity integer overflow vulnerability with a CVSS score of 8.4 and the vector string CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H. Read out, the vector describes a locally exploitable flaw with low attack complexity, low privileges required, no user interaction, and high impact on confidentiality, integrity and availability. What makes it dangerous is that a local attacker can escalate privileges and execute code at a higher permission level without any user interaction. Google released the fix as part of the June 2026 Android security updates, for devices running Android 14, 15, 16, and Android 16 QPR2.

This vulnerability fits a larger trend of targeted attacks on mobile devices and shows the growing sophistication of threat actors in using zero-day vulnerabilities to gain elevated access. The exploitation of CVE-2025-48595 resembles recent attacks on iOS devices, underscoring that mobile operating systems are an increasing focus for attackers seeking to compromise sensitive information.

Fallout and Response

The discovery and exploitation of CVE-2025-48595 show the need for timely patch management, an industry-wide challenge for complex, interconnected systems. To mitigate the risk of exploitation, Android device owners should update to the June 2026 security patch level, so that devices on Android 14, 15, 16, or Android 16 QPR2 are no longer running a vulnerable build. Applying the fix for CVE-2025-48595, as outlined in the Android Security Bulletin, is crucial for protecting against this vulnerability.
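For anyone responsible for more than one device, "update to the June 2026 patch" is a question that can be answered from two system properties: `ro.build.version.release` and `ro.build.version.security_patch`, both printed by `adb shell getprop`. The triage script below is an added example, not code from Google or from the article's sources. It assumes, since the page does not state it, that the fixed builds carry a security patch level of 2026-06-01 or later (Android patch levels are ISO dates and compare correctly as strings), and the `getprop` output it parses is constructed for the example rather than captured from real devices.

```python
import re
from typing import Dict

# Android releases the article lists as affected by CVE-2025-48595.
AFFECTED_RELEASES = {"14", "15", "16"}

# Assumption (not stated on the page): the June 2026 fix ships in builds whose
# security patch level is 2026-06-01 or later.
REQUIRED_PATCH_LEVEL = "2026-06-01"

# `adb shell getprop` prints one "[key]: [value]" pair per line.
GETPROP_LINE = re.compile(r"^\[(?P<key>[^\]]+)\]: \[(?P<value>[^\]]*)\]$")
ISO_DATE = re.compile(r"^\d{4}-\d{2}-\d{2}$")


def parse_getprop(output: str) -> Dict[str, str]:
    """Parse full getprop output into a dict, ignoring lines that do not match."""
    props: Dict[str, str] = {}
    for line in output.splitlines():
        m = GETPROP_LINE.match(line.strip())
        if m:
            props[m.group("key")] = m.group("value")
    return props


def assess_device(props: Dict[str, str], required: str = REQUIRED_PATCH_LEVEL) -> str:
    """Classify one device as 'patched', 'vulnerable', 'not-listed' or 'unknown'.

    'not-listed' means the release is not among the versions the article names
    as affected; it does not mean the device is safe (it may simply be out of
    support). 'unknown' means the properties needed for a verdict are missing
    or malformed, which a fleet report should surface rather than hide."""
    release = props.get("ro.build.version.release")
    patch = props.get("ro.build.version.security_patch")
    if not release or not patch:
        return "unknown"
    major = release.split(".")[0]
    if major not in AFFECTED_RELEASES:
        return "not-listed"
    if not ISO_DATE.match(patch):
        return "unknown"
    return "patched" if patch >= required else "vulnerable"


def triage(fleet: Dict[str, str]) -> Dict[str, str]:
    """Map device name -> verdict for a dict of name -> raw getprop output."""
    return {name: assess_device(parse_getprop(out)) for name, out in fleet.items()}


# Constructed sample output (not from real devices), trimmed to relevant lines.
SAMPLE_FLEET = {
    "phone-a": "[ro.build.version.release]: [15]\n"
               "[ro.build.version.security_patch]: [2026-05-05]\n",
    "phone-b": "[ro.build.version.release]: [16]\n"
               "[ro.build.version.security_patch]: [2026-06-05]\n",
    "phone-c": "[ro.build.version.release]: [13]\n"
               "[ro.build.version.security_patch]: [2026-06-01]\n",
    "phone-d": "[ro.build.version.release]: [14]\n",   # patch level missing
}

if __name__ == "__main__":
    for name, verdict in sorted(triage(SAMPLE_FLEET).items()):
        print(f"{name}: {verdict}")
```

In practice the raw text would come from `adb -s <serial> shell getprop` or from an MDM export; the parser deliberately accepts the full property dump so it does not depend on which extra lines a given vendor build prints.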

Google confirmed the limited, targeted exploitation of CVE-2025-48595 at the same time it shipped the June 2026 updates that fix it, which underlines the need for swift action to secure affected devices. The exploitation predates the fix: the vulnerability was discovered and exploited in the wild before June 2026.

Sources

  1. https://source.android.com/security/bulletin
  2. https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-48595
SecurityXP Editorial Team, Vulnerability Research & News Board

Automated and analyst-reviewed threat intelligence briefings tracking active exploitation campaigns, CVE disclosures, and extortion group activity.
