Google on Monday announced its latest Android update, which patches 124 vulnerabilities, including a zero-day that has been exploited in targeted attacks.
The exploited vulnerability is CVE-2025-48595, which Google describes as a high-severity privilege escalation issue affecting Android’s Framework component.
“There are indications that CVE-2025-48595 may be under limited, targeted exploitation,” Google said in its advisory.
No information appears to be available on the attacks exploiting CVE-2025-48595.
However, commercial spyware vendors have become the dominant force behind most zero-day exploits targeting Android devices, developing and selling sophisticated attack chains primarily to government clients. Google’s own researchers are often the ones who discover these exploits.
Of the remaining vulnerabilities patched in the latest Android versions, 18 have been assigned a ‘critical’ severity rating. They affect the Framework, System, and Qualcomm closed-source components, and their exploitation can lead to privilege escalation and denial of service (DoS).
The other issues have all been rated ‘high severity’. They affect System, Framework, Kernel, and components provided by Imagination Technologies, MediaTek, Unisoc, and Qualcomm.
A majority can be exploited for privilege escalation and DoS attacks, and a few can lead to information disclosure.
Only one of them, a System vulnerability tracked as CVE-2026-0059, can be exploited for remote code execution.
