Google fixes two Android zero days exploited in attacks, 107 flaws
Google has released the December 2025 Android security bulletin, addressing 107 vulnerabilities, including two flaws actively exploited in targeted attacks.
Google has released the December 2025 Android security bulletin, addressing 107 vulnerabilities, including two flaws actively exploited in targeted attacks.
The two high-severity vulnerabilities are tracked as CVE-2025-48633 and CVE-2025-48572. They are information disclosure and elevation-of-privilege issues, respectively, affecting Android versions 13 through 16.
"There are indications that the following may be under limited, targeted exploitation," mentions the December Android bulletin.
While Google has not shared any technical or exploitation details about the flaws, similar flaws in the past were used for targeted exploitation by commercial spyware or nation-state operations targeting a small number of high-interest individuals.
Ranked by severity, the most critical vulnerability fixed this month is CVE-2025-48631, a denial-of-service (DoS) flaw in the Android Framework.
This month's updates address a total of 51 flaws on Android Framework and System components, covered by the 2025-12-01 Patch Level, and another 56 bugs in the Kernel and third-party closed-source components, covered by the 2025-12-05 Patch Level.
In what concerns the latter, there are four critical-severity fixes for elevation-of-privilege flaws in the Kernel's Pkvm and UOMMU subcomponents, and two critical fixes for Qualcomm-powered devices (CVE-2025-47319 and CVE-2025-47372).
More information about closed-source fixes can be found in Qualcomm's and MediaTek's bulletins for the December 2025 security updates.
Additionally, Samsung published its security bulletin, including ported fixes from the Google update and vendor-specific fixes.
It is important to note that the updates cover devices running Android 13 and later, but devices on Android 10 and later may receive some crucial fixes via Google Play system updates.
Also, Play Protect can detect and block documented malware and attack chains, so users of any Android version should keep the component up to date and active.
Those on older Android versions should either move to a third-party distribution that regularly incorporates Google's security fixes or switch to a newer device model for active support.
