01.12.2025
2 min
399
On December 2, 2025, Google released its monthly security update for the Android operating system. The patch addresses a total of 107 vulnerabilities, spanning components including Framework, System, Kernel, as well as subsystems from Arm, Imagination Technologies, MediaTek, Qualcomm, and Unison.
Most critical are two flaws in the Framework component that Google reports have already been exploited in real-world attacks:
CVE-2025-48633 — an information-disclosure vulnerability.
CVE-2025-48572 — a privilege-escalation vulnerability.
Additionally, the update fixes a serious bug CVE-2025-48631 in Framework, which could have allowed a remote denial-of-service (DoS) attack without requiring additional privileges.
The security bulletin provides two patch levels — 2025-12-01 and 2025-12-05 — giving device manufacturers flexibility in roll-out.
This update comes roughly three months after the previous set of patches, which fixed two other actively exploited vulnerabilities (one in the Linux Kernel and one in Android Runtime).
Android is among the most widely used mobile platforms, and vulnerabilities in its core components can let attackers access sensitive data, take control of devices, or launch DoS attacks. Regular security updates are critical — as unpatched vulnerabilities may already be used in real attacks.
If you use an Android phone or tablet — check immediately if your device has received the new security patch (2025-12-01 or 2025-12-05). If not — you remain exposed to real threats that could compromise data or device integrity.
