Googleβs December 2025 Android security bulletin fixes 107 vulnerabilities, including two actively exploited flaws, impacting Android versions 13-16. The updates address critical security issues across Android Framework, Kernel, and third-party components, with some fixes also available via Play Store updates for older devices. #CVE-2025-48633 #CVE-2025-48572
Keypoints
- The December 2025 Android security bulletin addresses 107 vulnerabilities, including targeted exploit flaws.
- The most critical flaw, CVE-2025-48631, is a denial-of-service (DoS) vulnerability in the Android Framework.
- Two high-severity vulnerabilities, CVE-2025-48633 and CVE-2025-48572, affect Android 13 to 16 and may be exploited in limited targeted attacks.
- Updates also address flaws in Kernel components, with critical fixes for Qualcomm-powered devices and third-party vendors.
- Device security can be enhanced by keeping Android and Google Play system updates active and up to date.