The Cybersecurity and Infrastructure Safety Company (CISA) has added two vital Android Framework vulnerabilities to its Recognized Exploited Vulnerabilities (KEV) catalog, signaling energetic exploitation within the wild and prompting fast motion from organizations and system customers worldwide.
The vulnerabilities CVE-2025-48572 and CVE-2025-48633 had been formally listed on December 2, 2025, and signify a major menace to the thousands and thousands of Android gadgets in use throughout enterprise and shopper environments.
CVE-2025-48572 is an Android Framework privilege escalation vulnerability that allows attackers to raise their entry ranges on compromised gadgets.
This sort of vulnerability is hazardous as a result of it permits menace actors to bypass safety restrictions and acquire unauthorized management over delicate system capabilities.
Complementing this menace, CVE-2025-48633 represents an info disclosure vulnerability within the Android Framework, doubtlessly exposing confidential consumer information and system info to malicious actors.
The addition of those vulnerabilities to CISA’s KEV catalog displays the company’s dedication to sustaining the authoritative supply of actively exploited safety vulnerabilities .
The KEV catalog serves as a vital useful resource for community defenders, safety professionals, and organizations looking for to prioritize their vulnerability administration efforts successfully.
By monitoring real-world exploitation, CISA allows the cybersecurity group to focus remediation sources the place they matter most.
For organizations managing Android-based infrastructure or worker gadgets, the implications are substantial.
Android Zero-Day Vulnerability
CISA has set a due date of December 23, 2025, for remediation, offering a 21-day window for entities to deal with the vulnerabilities earlier than obligatory compliance necessities take impact.
The company recommends making use of mitigations per vendor directions because the fast precedence. For these unable to implement patches or mitigations, discontinuing use of affected merchandise could also be mandatory to stop compromise.
The menace panorama surrounding Android vulnerabilities continues to evolve as attackers more and more goal the platform’s widespread deployment.
Android gadgets handle roughly 70% of the worldwide cell market share, making them enticing targets for menace actors looking for most affect.
The mix of privilege escalation and data disclosure vectors creates a compounding menace attackers can exploit these vulnerabilities in sequence to realize full system management whereas exfiltrating delicate information.
Organizations ought to combine these vulnerabilities into their vulnerability administration prioritization frameworks instantly.
CISA supplies a number of entry codecs for the KEV catalog together with CSV, JSON, and JSON Schema variants enabling seamless integration into safety instruments and platforms.
This accessibility ensures that even organizations with restricted sources can leverage CISA’s intelligence to enhance their safety posture.
Suggestions
The addition of those Android vulnerabilities displays broader patterns within the menace panorama, the place cell platforms more and more change into vectors for stylish assaults.
Enterprise organizations ought to be certain that Cellular Machine Administration (MDM) options are configured to implement well timed patching and that workers are notified of the significance of accepting safety updates promptly.
As remediation timelines method, organizations are inspired to reference CISA’s advisory steerage and set up clear patching schedules.
The KEV catalog, up to date repeatedly as new exploited vulnerabilities emerge, stays a vital device for defenders looking for to remain forward of energetic menace exercise.
Observe us on Google Information, LinkedIn, and X to Get Immediate Updates and Set GBH as a Most well-liked Supply in Google.
