CISA has added CVE-2025-48595 in the Android Framework and CVE-2022-0492 in the Linux kernel to its Known Exploited Vulnerabilities catalog after evidence of exploitation. The Android flaw affects Android 14 through 16, and the Linux issue can enable container escape and root access on affected systems. Federal patching is required by June 5.
Key points
- CISA added CVE-2025-48595 to its KEV catalog.
- The Android Framework flaw affects Android 14 through 16 and needs no user interaction.
- Google said CVE-2025-48595 may be under limited targeted exploitation.
- CISA also added CVE-2022-0492, a Linux kernel privilege escalation flaw.
- Federal agencies must apply fixes or stop using the affected software by June 5.