Android security Patch: Google has released the Android Security update for December 2025 addressing over 100 vulnerabilities and two actively exploited zero-day vulnerabilities across Framework, System, Kernel, and vendor components like Qualcomm, MediaTek, and Unisoc.

The most severe issues include a critical remote denial-of-service flaw in Framework and multiple zero-day elevation-of-privilege vulnerabilities actively exploited.

OEM	Google Android
Severity	Critical
CVSS Score	9.8
CVEs	CVE-2025-48631, CVE-2025-48633, CVE-2025-48572 & 104 more CVEs
POC Available	No
Actively Exploited	Yes
Exploited in Wild	No
Advisory Version	1.0

Overview 

These flaws could enable attackers to crash devices remotely, escalate privileges locally, or disclose sensitive data without additional execution privileges. Android users are urged to immediate updates as soon as available. 

Vulnerability Name	CVE ID	Product Affected	Severity	Fixed Version
Remote Denial-of-Service Vulnerability	CVE-2025-48631	Android Framework	Critical	Dec 2025 Android Security Update
Information Disclosure Zero-Day Vulnerability	CVE-2025-48633	Android Framework	High	Dec 2025 Android Security Update
Elevation of Privilege Zero-Day Vulnerability	CVE-2025-48572	Android Framework	High	Dec 2025 Android Security Update

Technical Summary 

The December 2025 Android vulnerabilities primarily impact Framework (remote DoS, EoP, ID), System (local privilege escalation), and Kernel (pKVM/IOMMU flaws), with additional high-severity issues in vendor components from Qualcomm, MediaTek, Arm and Unisoc. Critical zero-days like the Framework remote DoS enable attacker-initiated crashes without privileges, while EoP flaws allow local escalation for background activity launch or data access.

Organizations and users should treat these vulnerabilities as critical due to active exploitation. Updating all devices to the 2025 December, security patch level is strongly recommended to stay protected. 

CVE ID	Vulnerability Details	Impact
CVE-2025-48631	Framework vulnerability that allows a remote attacker to cause a device crash, reboot loop, or render it unresponsive without requiring additional privileges or user interaction.	Remote device crash, Denial of service
CVE-2025-48633	This exploiting framework information disclosure flaw that exposes sensitive internal system data, enabling attacker reconnaissance or exploit chaining	Data leakage, privacy violation
CVE-2025-48572	This exploiting elevation of privilege vulnerability within the Framework that allows attackers to gain higher system privileges, enabling unauthorized operations	Privilege escalation, arbitrary code execution

These additional vulnerabilities include 104 other Critical and High-severity issues that could allow data exposure, system instability, or service disruptions. Applying the latest update is important as these vulnerabilities still have significant security risks if left unpatched. 

Remediation: 

• Update all Android devices to the latest Security Patch when it’s available. 

Conclusion: 
These vulnerabilities, including actively exploited zero-days, pose severe risks to Android devices enabling remote crashes, privilege escalation, and data exposure. It is recommended to update to the both personal and enterprise Android devices to the latest security patch for December, 2025.  

References: 

• https://source.android.com/docs/security/bulletin/2025-12-01 

• https://securityonline.info/android-emergency-critical-dos-flaw-and-2-exploited-zero-days-in-framework-require-immediate-patch/ 

• https://cyberscoop.com/android-security-update-december-2025/