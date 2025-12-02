Google has shipped patches for 51 Android vulnerabilities, including two high-severity flaws (CVE-2025-48633, CVE-2025-48572) that “may be under limited, targeted exploitation”.

According to the December Android security bulletin, both vulnerabilities affect the Android Framework, which is a collection of core software components, libraries, and APIs that developers use to build Android apps.

Their exact nature has yet to be revealed, but the bulletin notes that CVE-2025-48633 can be exploited by Android applications to access sensitive information, and CVE-2025-48572 may allow attackers to elevate privileges on vulnerable Android devices.

As per usual, details about the attacks are kept under wraps, but the wording seems to point to state-sponsored attackers and/or espionage via spyware.

The bulletin lists additional 56 flaws affecting Android’s kernel, and ARM, Imagination Technologies, MediaTek, Unisoc and Qualcomm components. Patches for those will be included in the December 5 “patch level” (2025-12-05).

(Google ships two security patch levels “so that Android partners have the flexibility to fix a subset of vulnerabilities that are similar across all Android devices more quickly.”)

The December 1 patches (2025-12-01) are available for Android 13, 14, 15, and 16.

Security updates for Android-based devices

Vendors of Android-powered devices usually get a month or so to develop security updates, so they may ship them around the same time Google publishes its monthly Android security bulletin.

Samsung has pushed out a maintenance release for major flagship models that includes patches from both Google and Samsung, including the one for CVE-2025-48633.

Motorola has likewise patched only CVE-2025-48633 this December.

Huawei, LGE, Nokia, Oppo, and others are expected to release patches soon.

Android users are advised to check for updates and implement them if they are available.

