Local attackers can exploit the actively abused high-severity Android Framework vulnerability, tracked as CVE-2025-48595, to achieve code execution and escalate privileges on devices running Android 14 or later.
“There are indications that CVE-2025-48595 may be under limited, targeted exploitation,” Google said on Monday in its June 2026 Android security bulletin.
“Exploitation of many issues on Android is made more difficult by enhancements in newer versions of the Android platform. We encourage all users to update to the latest Android version where possible.”
While Google has not yet disclosed technical details about the flaw or provided additional information about the ongoing attacks, similar vulnerabilities have previously been exploited by commercial spyware vendors and nation-state actors targeting high-profile or otherwise interesting individuals.
With this month’s Android security updates, Google fixed 18 critical vulnerabilities in the System, Framework, and Qualcomm components. These flaws could be exploited to trigger denial-of-service conditions or escalate privileges on unpatched Android devices.
“The most severe of these issues is a critical security vulnerability in the Framework component that could lead to remote privilege escalation with no additional execution privileges needed. User interaction is not required for exploitation,” Google added.
On Monday, Google released two security patch levels, 2026-06-01 and 2026-06-05. The latter includes all fixes from the first patch level, along with additional patches for third-party closed-source components and kernel subcomponents that may not apply to every Android device.
While Google Pixel devices receive these security updates immediately, other Android vendors typically require additional time to test and adapt the patches for specific hardware configurations.
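For defenders checking a fleet against this bulletin, the relevant signal is the device's reported security patch level. The helper below is an added example, not code from the article or from Google: it classifies a `ro.build.version.security_patch` value against the two patch levels named above (`2026-06-01` for the Framework/System fixes, `2026-06-05` for the additional vendor and kernel patches). It assumes `adb` is installed and the device is authorized only for the live `--device` mode; the classification function itself takes the date string, so it can also be run over an inventory export.

```shell
#!/bin/sh
# Added example (not from the article): classify an Android device's reported
# security patch level against the June 2026 bulletin's two patch levels.

MIN_PARTIAL=2026-06-01   # Framework/System fixes, including CVE-2025-48595
MIN_FULL=2026-06-05      # also covers closed-source vendor and kernel subcomponent patches

# to_num: turn YYYY-MM-DD into YYYYMMDD so the shell can compare it numerically.
to_num() { printf '%s' "$1" | tr -d '-'; }

# classify_patch_level LEVEL
# Prints FULL, PARTIAL, UNPATCHED or INVALID. Returns 0 only when the device
# carries at least the 2026-06-01 level, 1 when it is behind, 2 on bad input.
classify_patch_level() {
  level=$(printf '%s' "$1" | tr -d '\r')   # adb output on Windows hosts carries a CR
  case "$level" in
    [0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9]) ;;
    *) echo INVALID; return 2 ;;
  esac
  n=$(to_num "$level")
  if [ "$n" -ge "$(to_num "$MIN_FULL")" ]; then
    echo FULL; return 0
  elif [ "$n" -ge "$(to_num "$MIN_PARTIAL")" ]; then
    echo PARTIAL; return 0
  else
    echo UNPATCHED; return 1
  fi
}

# check_device: read the live value from a connected, authorized device over adb.
check_device() {
  classify_patch_level "$(adb shell getprop ro.build.version.security_patch)"
}

# Live mode: ./check_patch_level.sh --device   (hypothetical file name)
if [ "${1:-}" = "--device" ]; then
  check_device
fi
```

A device reporting PARTIAL has the 2026-06-01 fixes but not the vendor-specific ones; whether the 2026-06-05 level is even expected for a given model depends on the OEM's bulletin, so treat PARTIAL as "verify with the vendor" rather than as a failure.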
A Google spokesperson was not immediately available for comment when BleepingComputer requested additional information about the CVE-2025-48595 attacks and their targets.
Last month, Google also updated its Android and Chrome vulnerability reward programs, offering payouts of up to $1.5 million for certain Android exploits while reducing rewards for vulnerabilities that can be more easily discovered using artificial intelligence (AI).