Mobile & Wireless

Android Update Patches Exploited Zero-Day, 123 Other Vulnerabilities

Google says the Android vulnerability CVE-2025-48595 has been exploited in limited, targeted attacks.

Android vulnerability

Google on Monday announced its latest Android update, which includes patches for 124 vulnerabilities, including a zero-day that has been exploited in targeted attacks.

The exploited vulnerability is CVE-2025-48595, which Google describes as a high-severity privilege escalation issue affecting Android’s Framework component. 

“There are indications that CVE-2025-48595 may be under limited, targeted exploitation,” Google said in its advisory.

There does not appear to be any information on the attacks exploiting CVE-2025-48595. 

However, commercial spyware vendors have become the dominant force behind most zero-day exploits targeting Android devices, developing and selling sophisticated attack chains primarily to government clients. Google’s own researchers are often the ones who discover these exploits. 

Of the remaining vulnerabilities patched in the latest Android versions, 18 have been assigned a ‘critical’ severity rating. They affect the framework, system, and Qualcomm closed-source components, and their exploitation can lead to privilege escalation and denial of service (DoS).

Advertisement. Scroll to continue reading.

The other issues have all been rated ‘high severity’. They affect System, Framework, Kernel, and components provided by Imagination Technologies, MediaTek, Unisoc, and Qualcomm. 

A majority can be exploited for privilege escalation and DoS attacks, and a few can lead to information disclosure. 

Only one of them, a System vulnerability tracked as CVE-2026-0059, can be exploited for remote code execution.

Related: New BTMOB Android Malware Enables Full Device Takeover

Related: Critical Remote Code Execution Vulnerability Patched in Android

Related: Google Adjusts Bug Bounties: Chrome Payouts Drop as Android Rewards Rise Amid AI Surge

Related Content

Vulnerabilities

The critical-severity security defect allows remote, authenticated attackers to execute arbitrary code on the server.

Vulnerabilities

The researcher stripped the proof-of-concept (PoC) exploit to prevent immediate exploitation of the vulnerability.

Risk Management

Three vulnerabilities are actively exploited in attacks, including two that have been targeted as zero-days.

Vulnerabilities

The company has rolled out a fix and is restoring access for Storage Zones Controller customers who apply it.

Vulnerabilities

SonicWall SMA1000 zero-day vulnerabilities CVE-2026-15409 and CVE-2026-15410 can be exploited for remote code execution.

Vulnerabilities

Two flaws in Active Directory and SharePoint Server have been exploited as zero-days, and a BitLocker bug was publicly disclosed.

Vulnerabilities

Threat actors have been targeting Balbooa Forms and iCagenda Joomla extension flaws for remote code execution.

Ransomware

The Microsoft Defender vulnerability CVE-2026-33825 was exploited in the wild as a zero-day before patches were released.

Copyright © 2026 SecurityWeek ®, a Wired Business Media Publication. All Rights Reserved.

Exit mobile version