Google has released the Android Security Bulletin for December 2025, detailing a slate of vulnerabilities affecting the world’s most popular mobile operating system. The update is headlined by warnings of active exploitation in the wild and a critical flaw in the Android Framework that could allow remote attackers to disable devices.
The bulletin defines two security patch levels: the 2025-12-01 level covers core Android components (Framework, System), while the 2025-12-05 level additionally addresses kernel and vendor-specific issues.
Google has confirmed that at least two vulnerabilities listed in this bulletin are likely being weaponized by attackers. The bulletin explicitly states, “There are indications that the following may be under limited, targeted exploitation.”
- CVE-2025-48633: An Information Disclosure (ID) vulnerability in the Framework component.
- CVE-2025-48572: An Elevation of Privilege (EoP) vulnerability in the Framework, affecting Android versions 13, 14, 15, and 16.
These flaws allow attackers to gain unauthorized access or privileges, often serving as the first step in a complex attack chain to compromise a device.
The most severe vulnerability in the December bulletin is a Critical flaw in the Framework component, tracked as CVE-2025-48631.
This vulnerability is a remote Denial of Service (DoS) issue. According to the report, it “could lead to remote denial of service with no additional execution privileges needed”. This implies that an attacker could crash a device or render it unresponsive remotely, without needing the user to download an app or click a malicious link.
The bulletin also highlights critical flaws in the Android Kernel, specifically within the Protected KVM (PKVM) and IOMMU subsystems. These vulnerabilities are rated Critical for Elevation of Privilege (EoP):
- CVE-2025-48623 (PKVM)
- CVE-2025-48624 (IOMMU)
- CVE-2025-48637 (PKVM)
- CVE-2025-48638 (PKVM)
The Protected KVM (PKVM) is a security feature used to isolate sensitive data and code. Compromising this component could allow an attacker to bypass fundamental security boundaries on the device.
A significant portion of the update addresses hardware-specific vulnerabilities found in chipsets from major vendors. Users’ risk depends heavily on the specific hardware inside their phone.
- Qualcomm: Patched two Critical vulnerabilities in closed-source components (CVE-2025-47319, CVE-2025-47372) alongside multiple High-severity issues.
- MediaTek: Addressed nearly 20 High-severity flaws, primarily affecting the Modem and IMS service components.
- Unisoc: Fixed a dozen High-severity vulnerabilities, almost exclusively targeting the Modem component.
- Arm & Imagination: Released patches for High-severity issues in Mali and PowerVR GPU drivers.
Users are strongly advised to check for the 2025-12-05 security patch level to ensure protection against both software and hardware vulnerabilities.
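The two patch levels mean a device can be in three states: fully patched (2025-12-05 or later), patched only for the Framework and System issues (2025-12-01 through 2025-12-04), or not patched for this bulletin at all. The script below, an added example that is not part of the bulletin or of Google's tooling, classifies the value a device reports in the real `ro.build.version.security_patch` system property against those two levels. The `check_device` and `classify_patch_level` function names, and the sample date strings at the bottom, are constructed for this example; when run without an argument it reads the live value over `adb`.

```shell
#!/bin/sh
# Added example (not from the bulletin): classify a device's reported
# security patch level against the December 2025 patch levels.
FRAMEWORK_LEVEL="2025-12-01"   # Framework and System fixes only
FULL_LEVEL="2025-12-05"        # adds kernel and vendor (Qualcomm, MediaTek, ...) fixes

# classify_patch_level YYYY-MM-DD
# Prints one of: full, partial, outdated, invalid
classify_patch_level() {
    level="$1"
    case "$level" in
        [0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9]) ;;
        *) echo invalid; return 1 ;;
    esac
    # ISO dates compare correctly as integers once the hyphens are stripped
    n=$(printf '%s' "$level" | tr -d '-')
    full=$(printf '%s' "$FULL_LEVEL" | tr -d '-')
    fw=$(printf '%s' "$FRAMEWORK_LEVEL" | tr -d '-')
    if [ "$n" -ge "$full" ]; then
        echo full
    elif [ "$n" -ge "$fw" ]; then
        echo partial
    else
        echo outdated
    fi
}

# check_device [LEVEL]
# Without an argument, reads the live value over adb; with an argument,
# uses that (constructed) value so the script can run offline.
# Exit status 0 only when the device is at the full 2025-12-05 level.
check_device() {
    if [ -n "$1" ]; then
        level="$1"
    else
        level=$(adb shell getprop ro.build.version.security_patch | tr -d '\r\n')
    fi
    state=$(classify_patch_level "$level")
    case "$state" in
        full)     echo "OK: $level covers Framework, System, kernel and vendor fixes" ;;
        partial)  echo "PARTIAL: $level has Framework/System fixes but not the kernel/vendor fixes (need $FULL_LEVEL)" ;;
        outdated) echo "OUTDATED: $level predates the December 2025 bulletin" ;;
        *)        echo "UNKNOWN: could not parse '$level'" ;;
    esac
    [ "$state" = full ]
}

# Constructed sample values for an offline run (not real device output):
check_device "2025-12-05"
check_device "2025-12-01" || true
check_device "2025-11-01" || true
```

Comparing the stripped date as an integer rather than as a string avoids surprises if a vendor build reports the property with stray whitespace or a carriage return, which is why the live `adb` read strips `\r\n` first; anything that is not a well-formed `YYYY-MM-DD` is reported as unparseable rather than silently treated as patched.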