Tags: actively-exploited-vulnerability, endpoint-software-vulnerability, widely-deployed-product-advisory

Android December 2025 Security Update Addresses Critical DoS and Two Exploited Zero-Days

Updated 3mo ago | First seen Dec 2, 2025 | 16 sources

Google released the December 2025 Android Security Bulletin, patching 107 vulnerabilities, including a critical remote Denial of Service (DoS) flaw (CVE-2025-48631) in the Android Framework and two zero-day vulnerabilities (CVE-2025-48633 and CVE-2025-48572) that are reportedly under active exploitation. The zero-days allow for information disclosure and elevation of privilege, affecting Android versions 13 through 16, and are believed to be targeted in limited attacks. The DoS vulnerability enables remote attackers to crash or disable devices without requiring user interaction or additional execution privileges.

The update is distributed in two patch levels (2025-12-01 and 2025-12-05), covering both core Android components and vendor-specific issues. Google’s disclosure highlights the ongoing threat posed by actively exploited vulnerabilities in the Android ecosystem and underscores the importance of timely patching by device manufacturers and users. The December update represents one of the largest patch releases of the year, following a period of irregular vulnerability reporting from Google.
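
A triage sketch for the two patch levels above, added here as an example and not taken from Google's bulletin or from Mallory: it buckets a constructed device inventory by the `ro.build.version.security_patch` value. It assumes the Framework zero-day fixes ship in the 2025-12-01 level, as Framework fixes do in Android bulletins; the inventory format and bucket names are hypothetical.

```python
from datetime import date

# Patch levels and affected releases as stated on this page.
CORE_LEVEL = date(2025, 12, 1)
FULL_LEVEL = date(2025, 12, 5)
AFFECTED_RELEASES = range(13, 17)  # Android 13 through 16

# Constructed inventory: id, release, security_patch (getprop values).
SAMPLE_INVENTORY = """\
pixel-001,16,2025-12-05
tab-014,14,2025-11-01
phone-203,15,2025-12-01
kiosk-007,12,2024-06-05
phone-311,13,unknown
"""

def parse_patch_level(text):
    """Return a date for a YYYY-MM-DD patch level, or None if malformed."""
    try:
        return date.fromisoformat(text.strip())
    except ValueError:
        return None

def classify(release, patch_text):
    """Map one device to a triage bucket for this bulletin."""
    level = parse_patch_level(patch_text)
    if level is None:
        return "unknown-patch-level"   # cannot be cleared; verify by hand
    if level >= FULL_LEVEL:
        return "fully-patched"
    if level >= CORE_LEVEL:
        return "core-only"             # vendor-specific fixes still missing
    major = release.strip().split(".")[0]
    if major.isdigit() and int(major) in AFFECTED_RELEASES:
        return "exposed-to-zero-days"  # assumption: fixed at CORE_LEVEL
    return "unpatched"                 # outside 13-16 but missing the update

def triage(inventory_csv):
    """Return {device_id: bucket}; rows not shaped id,release,patch are skipped."""
    result = {}
    for line in inventory_csv.splitlines():
        fields = [f.strip() for f in line.split(",")]
        if len(fields) == 3:
            result[fields[0]] = classify(fields[1], fields[2])
    return result

if __name__ == "__main__":
    for device, bucket in triage(SAMPLE_INVENTORY).items():
        print(f"{device}: {bucket}")
```

Devices in the `exposed-to-zero-days` bucket are the ones to patch first, since they run an affected release and predate both December levels.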


EVENT TIMELINE

How this story unfolded

3 events from the most recent confirmed update back to the earliest known activity.

Dec 3, 2025 (7mo ago)

CISA adds the two Android Framework zero-days to the KEV catalog

After not appearing in CISA's Known Exploited Vulnerabilities catalog when Google published the bulletin, the two exploited Android Framework flaws were later added to KEV. Multiple follow-on reports on December 3 noted the KEV listing for CVE-2025-48633 and CVE-2025-48572.

Google says AOSP source patches will follow bulletin release

Google stated that source code for the vulnerabilities fixed in the December bulletin would be released to the Android Open Source Project repository within about 48 hours, by Wednesday after the bulletin's publication. This would make the fixes available to the broader Android ecosystem after the initial bulletin release.

Dec 1, 2025 (7mo ago)

Google publishes December 2025 Android security bulletin

Google released the December 2025 Android Security Bulletin with patch levels 2025-12-01 and 2025-12-05, addressing 107 vulnerabilities across Framework, System, Kernel, and multiple vendor components. The bulletin identified CVE-2025-48631 as the most severe issue and said two Framework flaws, CVE-2025-48633 and CVE-2025-48572, were under limited, targeted exploitation.

LINKED ENTITIES

Related entities

Vulnerabilities, threat actors, malware, products, organizations, and breaches Mallory has linked to this story.

81 linked
Vulnerabilities
58 linked
Android Framework Information Disclosure Vulnerability
Android Framework background activity launch privilege escalation
Remote DoS in Android Framework LocalImageResolver.onHeaderDecoded
Qualcomm boot process ELF image buffer overflow memory corruption
Information disclosure in Qualcomm closed-source TA-to-TA communication APIs exposed to HLOS
Out-of-bounds write in Android Kernel arm-smmu-v3 IOMMU
Local privilege escalation in Android Kernel pKVM mem_protect.c
Local Privilege Escalation in Android Kernel pKVM init_pkvm_hyp_vcpu
Out-of-bounds write in Android Kernel pKVM __pkvm_load_tracing
Use-after-free in Linux kernel AF_UNIX MSG_OOB handling
Imagination PowerVR GPU improper memory protection handling allows write access to read-only exported buffers
Linux kernel af_unix stale oob_skb handling in OOB data path
Information disclosure in Imagination PowerVR trusted execution environment isolation
Memory corruption in Qualcomm DSP service buffer allocation
NULL Pointer Dereference in Imagination PowerVR GPU driver
Use-after-free in Linux kernel eventpoll epoll refcount handling
Use-after-free in Imagination PowerVR GPU kernel driver
Qualcomm memory corruption while processing user buffers
Use-After-Free in Arm Valhall and 5th Gen GPU Architecture Kernel Driver
Use-After-Free in Arm Valhall / 5th Gen GPU Kernel Driver
Android System forwarded intent user profile boundary bypass EoP
Confused deputy privilege escalation in Android SettingsSliceProvider
Memory corruption in Qualcomm boot loader firmware loading
Remote DoS in Unisoc modem input validation
Remote Privilege Escalation in Unisoc Modem Input Validation
Linux kernel POSIX CPU timers race condition privilege escalation
Android CallRedirectionProcessor permission bypass leading to local privilege escalation
Use-after-free privilege escalation in Android Runtime (ART)
Remote DoS in Unisoc NR Modem Input Validation
Remote DoS in Unisoc NR Modem Input Validation
Remote DoS in Unisoc dpc modem via null pointer dereference
Remote DoS in Unisoc NR Modem Input Validation
Android System CallRedirectionProcessor notifyTimeout improper input validation EoP
Android Framework cross-profile intent filter bypass local privilege escalation
Android Framework emergency dialing denial of service in AppOpsService.verifyAndGetBypass
Cross-user image leak in Android PrintManagerService
Permanent DoS in Android NotificationManagerService updateNotificationChannelGroupFromPrivilegedListener
Android background app launch precondition check failure privilege escalation
Work profile contact leak in Android EditFdnContactScreen confused deputy
Android Framework companion device disassociation privilege escalation in DisassociationProcessor.java
Android Framework lockscreen browser launch privilege bypass in CommandParamsFactory
Android Framework default speech recognizer privilege escalation
Android System local information disclosure due to missing permission check
Android DefaultPaymentSettings improper input validation local privilege escalation
Permanent denial of service in Android Framework InputMethodInfo
Android Framework factory reset in DSU mode due to missing permission check
Android Framework intent filter bypass race condition local privilege escalation
Out-of-bounds read in Android C2SoftDav1dDec initDecoder
Android Framework local privilege escalation in VoiceInteractionManagerService
Android Framework cross-user permission grant in HeaderPrivacyIconsController.kt
Android System CertInstaller permission bypass local privilege escalation
Android Framework missing permission check information disclosure
Android System local information disclosure due to missing permission check
Android Framework MediaBrowser background while-in-use permission bypass in connectInternal
Android Framework improper input validation local privilege escalation in multiple locations
Out-of-bounds read in Android ProcessArea
Out-of-bounds read in Android Framework Parcel.cpp appendFrom
Cross-profile information disclosure in Android NotificationStation
Affected products
4 linked
Android, Android, Android, Android
Organizations
19 linked
Google, CISA, Qualcomm, MediaTek, Imagination Technologies, Arm, Unisoc, Samsung, Samsung Electronics, CyberScoop, Malwarebytes, SOCRadar, Nokia, Huawei Technologies, Oppo, Android Open Source Project, Unison, LGE, Motorola