CyberIntel ⬡ News
★ Saved ◆ Cyber Reads
← Back ◇ Industry News & Leadership Jun 02, 2026

Google fixes actively exploited Android vulnerability (CVE-2025-48595)

Help Net Security Archived Jun 02, 2026 ✓ Full text saved

Google has announced the June 2026 Android security updates, which fix a bucketload of vulnerabilities, including a high-severity vulnerability (CVE-2025-48595) in the Android Framework that “may be under limited, targeted exploitation.” About CVE-2025-48595 CVE-2025-48595 is an integer overflow vulnerability in the Android Framework, a set of APIs and system services that apps interact with directly. The flaw allows attackers to escalate privileges on a vulnerable device, and they may gain comp

Full text archived locally
✦ AI Summary · Claude Sonnet


    Zeljka Zorz, Editor-in-Chief, Help Net Security June 2, 2026 Share Google fixes actively exploited Android vulnerability (CVE-2025-48595) Google has announced the June 2026 Android security updates, which fix a bucketload of vulnerabilities, including a high-severity vulnerability (CVE-2025-48595) in the Android Framework that “may be under limited, targeted exploitation.” About CVE-2025-48595 CVE-2025-48595 is an integer overflow vulnerability in the Android Framework, a set of APIs and system services that apps interact with directly. The flaw allows attackers to escalate privileges on a vulnerable device, and they may gain complete access to the device and data on it. Successful exploitation does not hinge on user interaction, and the attack vector is local, which most likely means that the vulnerability is being exploited via a malicious app that targeted users have been tricked into installing. CVE-2025-48595 is present across Android versions 14, 15, 16, and 16-qpr2 (Quarterly Platform Release 2). The vulnerability’s NVD description seems to suggest that there are several vulnerable code paths, and hopefully Google’s patch has closed all of them off. More vulnerabilities addressed The June 2026 security updates will also patch other critical and high-severity vulnerabilities in the Android Framework, System (core Android daemons and services), Google Play system components, the Linux kernel, and third-party chipset components. Core Android OS fixes are addressed at patch level 2026-06-01, while devices running patch level 2026-06-05 or later will receive the full set of fixes, including those for kernel and chipset components. “We notify our Android partners of all issues at least a month before publishing the bulletin,” Google noted, and said that Android device and chipset manufacturers may also publish security vulnerability details specific to their products. “Within 48 hours after the initial publication of this bulletin, we will release the corresponding source code patches to the Android Open Source Project (AOSP) repository,” the company added. Subscribe to our breaking news e-mail alert to never miss out on the latest breaches, vulnerabilities and cybersecurity threats. Subscribe here! More about Android CVE security update vulnerability Share
    💬 Team Notes
    Article Info
    Source
    Help Net Security
    Category
    ◇ Industry News & Leadership
    Published
    Jun 02, 2026
    Archived
    Jun 02, 2026
    Full Text
    ✓ Saved locally
    Open Original ↗