Full Report
Google has released the December 2025 Android security bulletin, addressing 107 vulnerabilities, including two flaws actively exploited in targeted attacks. [...]
Analysis Summary
---
# Vulnerability: Android December 2025 Security Bulletins Summary (107 Flaws Including 2 Zero-Days)
## CVE Details
* **CVE ID (Zero-Day 1):** CVE-2025-48633
* **CVSS Score (Zero-Day 1):** Unknown (Rated High Severity based on context)
* **CVE ID (Zero-Day 2):** CVE-2025-48572
* **CVSS Score (Zero-Day 2):** Unknown (Rated High Severity based on context)
* **CVE ID (Most Critical):** CVE-2025-48631 (DoS in Framework)
* **CVE ID (Kernel/Qualcomm Focus):** CVE-2025-47319, CVE-2025-47372
* **CWE:** Not specified for all. By vulnerability class, CVE-2025-48633 is an information disclosure flaw and CVE-2025-48572 is an elevation-of-privilege flaw.
## Affected Systems
* **Products:** Android OS (Framework, System components, Kernel) and Qualcomm-powered devices.
* **Versions:** Android versions 13 through 16 are explicitly mentioned as affected by the zero-days. Devices on Android 10 and later may receive subset fixes via Google Play system updates.
* **Configurations:** Affects standard Android installations addressed by the 2025-12-01 Patch Level (Android Framework/System) and 2025-12-05 Patch Level (Kernel/Third-party).
## Vulnerability Description
The bulletin addresses a total of 107 vulnerabilities. Two specific high-severity flaws (CVE-2025-48633 and CVE-2025-48572) are noted as being actively exploited in the wild against certain targets.
1. **CVE-2025-48633:** An information disclosure vulnerability.
2. **CVE-2025-48572:** An elevation-of-privilege vulnerability.
Additionally, several critical flaws were patched in the Kernel (e.g., the pKVM and IOMMU subcomponents), and two critical EoP flaws were fixed for Qualcomm devices. The most critical listed flaw is a Denial-of-Service (DoS) vulnerability in the Android Framework (CVE-2025-48631).
## Exploitation
* **Status:** **Exploited in the wild** (for CVE-2025-48633 and CVE-2025-48572).
* **Complexity:** Implied to be low to medium, given the context of targeted exploitation often associated with spyware/nation-state actors.
* **Attack Vector:** Not explicitly stated, but targeted zero-day exploitation often suggests remote network vectors for initial compromise, leading to local privilege escalation.
## Impact
* **Confidentiality:** High (due to Information Disclosure flaw and general zero-day severity).
* **Integrity:** High (due to Elevation-of-Privilege flaws).
* **Availability:** Medium/High (due to CVE-2025-48631 DoS vulnerability).
## Remediation
### Patches
* The fixes are included in the December 2025 Android security updates, aligning with the **2025-12-01 Patch Level** and **2025-12-05 Patch Level**.
* Users should check specific OEM security bulletins (e.g., Samsung's bulletin) for corresponding device patch application dates.
* Crucial fixes may be distributed to devices running Android 10 and later via Google Play system updates.
### Workarounds
* No specific workarounds were mentioned in the text.
* **General Mitigation:** Keep **Google Play Protect** active and updated, as it can detect and block known malware and attack chains.
## Detection
* **Indicators of Compromise:** None detailed in the provided text, as technical details were withheld due to active exploitation.
* **Detection Methods and Tools:** Users are advised to ensure automatic system updates are enabled. Security teams should prioritize applying the December 2025 patch levels immediately, especially for devices running Android 13-16. If technical details of the zero-days become available later, check vendor-specific security monitoring tools for signatures related to these CVEs.
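
The following fleet-triage example is added here and is not taken from the bulletin or any vendor tool. It assumes an inventory export holding each device's Android release and security patch level string (the values Android reports in `ro.build.version.release` and `ro.build.version.security_patch`), and it relies on the bulletin convention that a later patch level includes the fixes of earlier ones. The device names and rows are constructed.

```python
from datetime import date

# Patch levels named in the summary above.
FRAMEWORK_SPL = date(2025, 12, 1)   # Framework / System fixes
FULL_SPL = date(2025, 12, 5)        # adds Kernel / third-party fixes
ZERO_DAY_RELEASES = range(13, 17)   # Android 13-16, named for the two zero-days

# Constructed sample inventory: (device id, Android release, patch level string).
SAMPLE_INVENTORY = [
    ("dev-01", "15", "2025-12-05"),
    ("dev-02", "14", "2025-12-01"),
    ("dev-03", "16", "2025-11-05"),
    ("dev-04", "12", "2025-10-01"),
    ("dev-05", "13", ""),            # patch level missing from the export
]

def parse_spl(value):
    """Return the patch level as a date, or None if the string is unusable."""
    try:
        return date.fromisoformat(value.strip())
    except (AttributeError, ValueError):
        return None

def classify(release, spl_string):
    """Map one device to (status, priority) for the December 2025 update."""
    spl = parse_spl(spl_string)
    if spl is None:
        status = "unknown"           # cannot prove it is patched: keep it pending
    elif spl >= FULL_SPL:
        return ("patched", "none")
    elif spl >= FRAMEWORK_SPL:
        status = "partial"           # kernel / third-party fixes still missing
    else:
        status = "unpatched"
    try:
        major = int(str(release).split(".")[0])
    except ValueError:
        major = None
    priority = "urgent" if major in ZERO_DAY_RELEASES else "scheduled"
    return (status, priority)

def triage(inventory):
    """Return devices still needing the update, urgent ones first."""
    rows = [(dev, *classify(rel, spl)) for dev, rel, spl in inventory]
    pending = [r for r in rows if r[1] != "patched"]
    return sorted(pending, key=lambda r: (r[2] != "urgent", r[0]))

if __name__ == "__main__":
    for dev, status, priority in triage(SAMPLE_INVENTORY):
        print(f"{dev}: {status} ({priority})")
```

Devices whose patch level cannot be parsed stay in the pending list rather than being assumed patched.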
## References
* Vendor Advisory (General): https://source.android.com/docs/security/bulletin/2025-12-01
* MediaTek Bulletin: https://corp.mediatek.com/product-security-bulletin/December-2025
* Samsung Bulletin: https://security.samsungmobile.com/securityUpdate.smsb