CISA Warns of Android 0-Day Vulnerability Exploited in Attacks - cyberpress.org
By AnuPriya
December 3, 2025
Categories: Cyber Security News, Cybersecurity, Vulnerability, Zero-day
The Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent warning regarding two active Android zero-day vulnerabilities, adding them to its Known Exploited Vulnerabilities (KEV) catalog on December 2, 2025.
These security flaws, found within the Android Framework, are currently being exploited in the wild, prompting a federal mandate for immediate remediation by December 23, 2025.
Technical Analysis of the Vulnerabilities
The two vulnerabilities affect the core Android Framework, a critical layer of the operating system that manages application interactions and system resources.
CVE-2025-48572 (Privilege Escalation): This high-severity vulnerability allows a local attacker to escalate privileges on a compromised device. By exploiting an unspecified flaw in the Framework, a malicious actor could gain elevated permissions, potentially up to the SYSTEM level, without requiring user interaction.
This type of exploit is particularly dangerous as it allows attackers to bypass sandbox restrictions and gain persistence on the device.
CVE-2025-48633 (Information Disclosure): This vulnerability enables attackers to access sensitive data that should be restricted.
While information disclosure flaws are often considered less severe than remote code execution, they are frequently chained with privilege escalation exploits (like CVE-2025-48572) to map memory layouts or steal credentials necessary for a full device compromise.
CISA’s addition of these CVEs to the KEV catalog confirms that threat actors are actively leveraging them in attacks.
While the specific campaigns have not been attributed to a known ransomware group, the potential for data theft and device takeover makes patching critical.
Federal civilian executive branch (FCEB) agencies are required to apply vendor-provided patches by the December 23, 2025 deadline under Binding Operational Directive (BOD) 22-01.
Private organizations and individual users are strongly advised to check for system updates immediately.
If a security patch is not yet available from your device manufacturer, CISA recommends discontinuing the use of the product until mitigations are released.
The agency also noted a separate vulnerability affecting OpenPLC ScadaBR systems in the same update, highlighting a broad range of targets in this week’s security advisory.
| CVE ID | Vulnerability Name | Component | Impact | Due Date |
|---|---|---|---|---|
| CVE-2025-48572 | Android Framework Privilege Escalation | Android Framework | Allows local attackers to gain elevated system privileges. | 2025-12-23 |
| CVE-2025-48633 | Android Framework Information Disclosure | Android Framework | Allows unauthorized access to sensitive memory or data. | 2025-12-23 |
| Unspecified | OpenPLC ScadaBR Vulnerability | ScadaBR | Unspecified vulnerability in industrial automation software. | 2025-12-23 |
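The remediation guidance above, applied to a device inventory, as an added example that is not code from the article or from CISA. The inventory records, the `vendor_fix_level` field and the status names are constructed assumptions; the KEV field names follow CISA's JSON feed, and `patch_level` stands for the value a device reports in `ro.build.version.security_patch`.

```python
from datetime import date

# The two Android entries from the article, using CISA KEV feed field names.
KEV = [
    {"cveID": "CVE-2025-48572", "dateAdded": "2025-12-02", "dueDate": "2025-12-23"},
    {"cveID": "CVE-2025-48633", "dateAdded": "2025-12-02", "dueDate": "2025-12-23"},
]

# Constructed inventory (assumption). patch_level: what the device reports;
# vendor_fix_level: first patch level at which this vendor ships the fixes,
# None if no fix has been released. All values are made up for illustration.
FLEET = [
    {"id": "phone-01", "patch_level": "2025-12-05", "vendor_fix_level": "2025-12-01"},
    {"id": "phone-02", "patch_level": "2025-11-05", "vendor_fix_level": "2025-12-01"},
    {"id": "tablet-03", "patch_level": "2025-10-01", "vendor_fix_level": None},
    {"id": "kiosk-04", "patch_level": None, "vendor_fix_level": "2025-12-01"},
]

def earliest_due(kev):
    """Earliest remediation deadline across the tracked KEV entries."""
    return min(date.fromisoformat(e["dueDate"]) for e in kev)

def triage(device, kev, today):
    """Return (status, days_left) for one device under the article's guidance."""
    days_left = (earliest_due(kev) - today).days
    fix = device.get("vendor_fix_level")
    if fix is None:
        # No vendor patch yet: CISA's advice is to stop using the product.
        return "DISCONTINUE_USE", days_left
    level = device.get("patch_level")
    # An unknown patch level is treated as unpatched, never as compliant.
    if level and date.fromisoformat(level) >= date.fromisoformat(fix):
        return "REMEDIATED", days_left
    return ("OVERDUE" if days_left < 0 else "PATCH_BY_DUE_DATE"), days_left

def report(fleet, kev, today):
    """Map device id -> (status, days_left)."""
    return {d["id"]: triage(d, kev, today) for d in fleet}

if __name__ == "__main__":
    for dev_id, (status, days) in report(FLEET, KEV, date(2025, 12, 10)).items():
        print(f"{dev_id:10} {status:18} days_to_deadline={days}")
```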
AnuPriya
AnuPriya is a cybersecurity reporter at Cyber Press, specializing in cyber attacks, dark web monitoring, data breaches, vulnerabilities, and malware. She delivers in-depth analysis on emerging threats and digital security trends.