CyberIntel ⬡ News
★ Saved ◆ Cyber Reads
← Back ⬡ Vulnerabilities & CVEs Jun 24, 2026

CISA Warns of Android 0-Day Vulnerability Exploited in Attacks - cyberpress.org

cyberpress.org Archived Jun 24, 2026 ✓ Full text saved

CISA Warns of Android 0-Day Vulnerability Exploited in Attacks cyberpress.org

Full text archived locally
✦ AI Summary · Claude Sonnet


    CISA Warns of Android 0-Day Vulnerability Exploited in Attacks By AnuPriya December 3, 2025 Categories: Cyber Security NewsCybersecurityVulnerabilityZero-day The Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent warning regarding two active Android zero-day vulnerabilities, adding them to its Known Exploited Vulnerabilities (KEV) catalog on December 2, 2025. These security flaws, found within the Android Framework, are currently being exploited in the wild, prompting a federal mandate for immediate remediation by December 23, 2025. Technical Analysis of the Vulnerabilities The two vulnerabilities affect the core Android Framework, a critical layer of the operating system that manages application interactions and system resources. CVE-2025-48572 (Privilege Escalation): This high-severity vulnerability allows a local attacker to escalate privileges on a compromised device. By exploiting an unspecified flaw in the Framework, a malicious actor could gain elevated permissions potentially up to the SYSTEM level without requiring user interaction. This type of exploit is particularly dangerous as it allows attackers to bypass sandbox restrictions and gain persistence on the device. CVE-2025-48633 (Information Disclosure): This vulnerability enables attackers to access sensitive data that should be restricted. While information disclosure flaws are often considered less severe than remote code execution, they are frequently chained with privilege escalation exploits (like CVE-2025-48572) to map memory layouts or steal credentials necessary for a full device compromise. CISA’s addition of these CVEs to the KEV catalog confirms that threat actors are actively leveraging them in attacks. While the specific campaigns have not been attributed to a known ransomware group, the potential for data theft and device takeover makes patching critical. Federal civilian executive branch (FCEB) agencies are required to apply vendor-provided patches by the December 23, 2025 deadline under Binding Operational Directive (BOD) 22-01. Private organizations and individual users are strongly advised to check for system updates immediately. If a security patch is not yet available from your device manufacturer, CISA recommends discontinuing the use of the product until mitigations are released. The agency also noted a separate vulnerability affecting OpenPLC ScadaBR systems in the same update, highlighting a broad range of targets in this week’s security advisory. CVE ID Vulnerability Name Component Impact Due Date CVE-2025-48572 Android Framework Privilege Escalation Android Framework Allows local attackers to gain elevated system privileges. 2025-12-23 CVE-2025-48633 Android Framework Information Disclosure Android Framework Allows unauthorized access to sensitive memory or data. 2025-12-23 Unspecified OpenPLC ScadaBR Vulnerability ScadaBR Unspecified vulnerability in industrial automation software. 2025-12-23 Find this Story Interesting! Follow us on Google News, LinkedIn and X to Get More Instant Updates Share Facebook Twitter Pinterest WhatsApp AnuPriya Any Priya is a cybersecurity reporter at Cyber Press, specializing in cyber attacks, dark web monitoring, data breaches, vulnerabilities, and malware. She delivers in-depth analysis on emerging threats and digital security trends. Recent Articles Critical Laravel Livewire RCE Flaw Exploited to Steal Credentials From 6,000+ Apps Cyber Security News June 24, 2026 Microsoft Teams Phishing Lures Push Victims Toward Remote Access Tool Installation Cyber Security News June 24, 2026 Grafana Confirms TanStack npm Supply Chain Ransom Incident Hit GitHub Environment Cyber Security News June 24, 2026 Woodgnat Uses ClickFix, FileFix, and CrashFix Lures to Deliver Remote Access Malware Cyber Security News June 24, 2026 Android Malware Disguised as Document Reader Reaches 100K Downloads on Google Play Android June 24, 2026 Related Stories Cyber Security News Critical Laravel Livewire RCE Flaw Exploited to Steal Credentials From 6,000+ Apps Lucas Martin - June 24, 2026 Cyber Security News Microsoft Teams Phishing Lures Push Victims Toward Remote Access Tool Installation Varshini - June 24, 2026 Cyber Security News Grafana Confirms TanStack npm Supply Chain Ransom Incident Hit GitHub Environment Lucas Martin - June 24, 2026 Cyber Security News Woodgnat Uses ClickFix, FileFix, and CrashFix Lures to Deliver Remote Access Malware Varshini - June 24, 2026 Android Android Malware Disguised as Document Reader Reaches 100K Downloads on Google Play Varshini - June 24, 2026 Cyber Security News Hackers Use Fake Outlook Update Portal to Deploy Edgecution Browser-Based Backdoor Varshini - June 24, 2026 LEAVE A REPLY Comment: Name:* Email:* Website:
    💬 Team Notes
    Article Info
    Source
    cyberpress.org
    Category
    ⬡ Vulnerabilities & CVEs
    Published
    Jun 24, 2026
    Archived
    Jun 24, 2026
    Full Text
    ✓ Saved locally
    Open Original ↗