HIGH
Google Patches Android Zero-Day CVE-2025-48595 Exploited in Targeted Attacks
Google’s June 2026 Android security update patches 124 vulnerabilities, including CVE-2025-48595, a high-severity privilege escalation flaw (CVSS 8.4) in the Android Framework component that requires no user interaction and has been confirmed exploited in limited, targeted attacks. CISA added CVE-2025-48595 to the Known Exploited Vulnerabilities catalog alongside CVE-2022-0492, a Linux kernel improper authentication vulnerability also under active exploitation. Android device owners should apply the June 2026 patch immediately. Federal agencies face a BOD 22-01 remediation deadline and must patch both CVEs within the mandated window.