๐ŸŸข CVE-2025-48595

CVE-2025-48595 is an integer overflow vulnerability in Android that allows local privilege escalation without user interaction. While listed in CISA KEV indicating active exploitation, this is a client-side mobile OS vulnerability not typically deployed as an internet-facing service.

โ† Back to Overview
LOW_RISK
Risk Level
8.4
CVSS Score
LOCAL
Attack Vector
Privilege Escalation
ATT&CK Tactic
T1068 โ€” Exploitation for Privilege Escalation
ATT&CK Technique
VERY_LOW
Deployment Risk
No
Ransomware

๐Ÿ“‹ Vulnerability Details

Data Source: CIRCL

Confidence: HIGH

Exploitation Method: OTHER

CVE Published: 2026-06-01

Added to CISA KEV: 2026-06-02 1 DAY BETWEEN CVE AND KEV

๐ŸŽฏ Recommendations:

๐Ÿ” Web Intelligence (Kagi ยท 2026-06-04)

CVE-2025-48595 is a high-severity security vulnerability affecting the Android operating system that has been confirmed by Google to be under active, limited exploitation in the wild [2] [4].

The following details summarize the current understanding of this vulnerability:

Vulnerability Overview
  • Nature of Flaw: It is an integer overflow vulnerability residing within the Android Framework, which is the core system layer present on all Android devices [1].
  • Severity: It is classified as a high-severity issue with a CVSS score of 8.4 [6].
  • Impact: Successful exploitation allows for an elevation of privilege (EoP), potentially granting an attacker complete control over the affected device [2] [4].
Exploitation and Threat Activity
  • Active Exploitation: Google confirmed in the June 2026 Android Security Bulletin that the vulnerability is being exploited in limited, targeted attacks [2] [5].
  • Attack Requirements: The vulnerability allows for escalation of privilege without requiring additional user interaction [5].
  • Campaigns: While currently described as "limited" and "targeted," security researchers warn that broader exploitation attempts are expected as technical details become more widely available following the patch release [1]. There is no current public attribution to specific ransomware groups or large-scale campaigns.
  • Proof-of-Concept/Exploit Tools: There are no widely available public exploit tools at this time, though the disclosure of the patch often precedes the development of such tools by malicious actors [1].
Patch and Mitigation Status
  • Patch Availability: The vulnerability was addressed in the June 2026 Android Security Bulletin, released on June 1, 2026 [4].
  • OEM Disclosure: Notably, Google had disclosed this vulnerability to Original Equipment Manufacturers (OEMs) in a security preview release as early as September 2025, allowing for earlier patching by some vendors [3].
  • Recommendation: Users are strongly advised to ensure their devices are updated to the latest available security patch level to mitigate the risk of exploitation.

Sources

  1. Android Framework Zero-Day (CVE-2025-48595): Actively Exploited ...

    CVE-2025-48595 is an integer overflow vulnerability in the Android Framework โ€” the core system layer that runs on every Android device. The ... Once technical details of CVE-2025-48595 become public โ€” as they typically do after the patch is widely distributed โ€” expect broader exploitation attempts.

  2. Android 0-Day Vulnerability Exploited in Attacks to Gain Complete ...

    The flaw, tracked as CVE-2025-48595, was highlighted in the June 2026 Android Security Bulletin, where Google confirmed limited real-world exploitation. The vulnerability resides in the Android Framework component and is a high-severity elevation-of-privilege (EoP) issue.

  3. June 2026 Android Security Bulletin notes CVE-2025-48595 is ...

    Google disclosed CVE-2025-48595 to OEMs in a security preview release near the end of September 2025. Those patches are allowed to be shipped ...

  4. Android 0-Day Vulnerability Exploited for Full Device Control

    Google has confirmed active exploitation of a high-severity Android zero-day vulnerability, CVE-2025-48595, in its June 2026 Android Security Bulletin published on June 1, 2026.

  5. Android Multiple Vulnerabilities

    Note: CVE-2025-48595 is being scattered exploited. This vulnerability could lead to escalation of privilege with no additional execution ...

  6. Android just patched 124 security flaws. One of them โ€” CVE-2025 ...

    Android just patched 124 security flaws. One of them โ€” CVE-2025-48595 (CVSS 8.4) โ€” may already be seeing limited targeted exploitation.

Generated by PatchNow Intelligence System

Analysis based on CIRCL.LU data, Claude AI assessment, and MITRE ATT&CK framework

๐Ÿ“„ Download JSON Data | ๐Ÿ“ก RSS Feed