Google has rolled out its comprehensive monthly security update for the Android operating system, addressing a significant total of 107 security vulnerabilities across its components. These patches target flaws in Framework, System, and Kernel, as well as vulnerabilities identified in third-party vendor components from Arm, Imagination Technologies, MediaTek, Qualcomm, and Unison. The sheer volume of fixes underscores the continuous need for security maintenance in the sprawling Android ecosystem, and device manufacturers have been provided with two distinct patch levels, 2025-12-01 and 2025-12-05, to ensure flexible and timely deployment of these critical security updates.
Of particular concern in this month’s bulletin are two high-severity vulnerabilities within the Framework component— CVE-2025-48633 , an information disclosure flaw, and CVE-2025-48572 , an elevation of privilege flaw—both of which Google confirms have been actively exploited in the wild. While the company has not provided extensive details on the perpetrators, the exact methodology of the attacks, or their overall scale, it did acknowledge that the exploits appear to be under “limited, targeted exploitation.” This acknowledgment serves as a crucial warning, prompting the U.S. Cybersecurity and Infrastructure Security Agency (CISA) to immediately list both flaws in its Known Exploited Vulnerabilities catalog.
In addition to the actively exploited flaws, the December 2025 updates remediate another critical vulnerability, CVE-2025-48631 , also found in the Framework component. This specific vulnerability is highly dangerous because it could potentially be leveraged to execute a remote denial-of-service (DoS) attack without requiring any additional execution privileges, highlighting a significant risk to device stability and availability. Timely application of the December security patches is strongly recommended for all Android users to mitigate these immediate threats and ensure device integrity against documented and critical security issues.The immediate action taken by CISA further emphasizes the severity of the exploited flaws, as the agency mandated that all Federal Civilian Executive Branch agencies must apply the necessary fixes for CVE-2025-48572 and CVE-2025-48633 by December 23, 2025.
This mandatory deadline underscores a government-level recognition of the immediate danger these vulnerabilities pose to critical systems. This development follows a similar urgent cycle three months prior, when Google had to rapidly deploy fixes for two other actively exploited flaws— CVE-2025-38352 in the Linux Kernel and CVE-2025-48543 in Android Runtime—both of which could have resulted in local privilege escalation.In light of these continuous and significant security findings, the release of the December 2025 Android security updates is a critical measure to protect the user base. With over a hundred vulnerabilities addressed, including a handful of critical and actively exploited flaws, users must prioritize updating their devices to the latest patch level immediately upon its release.
The ongoing, targeted exploitation of core system components like Framework demonstrates that threat actors are consistently seeking and leveraging zero-day vulnerabilities, making prompt patching the single most effective defense against sophisticated and confirmed attacks on the Android platform.
Reference:
