High severity8.4CISA KEVNVD Advisory· Published Jun 1, 2026· Updated Jun 2, 2026
CVE-2025-48595
CVE-2025-48595
Description
In multiple locations, there is a possible way to achieve code execution due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
7cpe:2.3:o:google:android:14.0:*:*:*:*:*:*:*+ 6 more
- cpe:2.3:o:google:android:14.0:*:*:*:*:*:*:*
- cpe:2.3:o:google:android:15.0:*:*:*:*:*:*:*
- cpe:2.3:o:google:android:16.0:-:*:*:*:*:*:*
- cpe:2.3:o:google:android:16.0:qpr2_beta_1:*:*:*:*:*:*
- cpe:2.3:o:google:android:16.0:qpr2_beta_2:*:*:*:*:*:*
- cpe:2.3:o:google:android:16.0:qpr2_beta_3:*:*:*:*:*:*
- (no CPE)
Patches
Vulnerability mechanics
References
2- source.android.com/docs/security/bulletin/2026/2026-06-01nvdVendor Advisory
- www.cisa.gov/known-exploited-vulnerabilities-catalognvdUS Government Resource
News mentions
14- 8th June – Threat Intelligence ReportCheck Point Research · Jun 8, 2026
- ⚡ Weekly Recap: Instagram Account Hacks, Android Zero-Day, GitHub Worm and MoreThe Hacker News · Jun 8, 2026
- Week in review: Cisco SD-WAN 0-day exploited, Patch Tuesday forecastHelp Net Security · Jun 7, 2026
- CISA Warns of Android Framework Integer Overflow Vulnerability Exploited in AttacksCyber Security News · Jun 4, 2026
- CISA warns of active attacks exploiting Android, Linux bugsBleepingComputer · Jun 3, 2026
- Organizations Warned of Exploited Linux Kernel VulnerabilitySecurityWeek · Jun 3, 2026
- Google June 2026 Android Update Patches 124 Flaws, One Actively ExploitedThe Hacker News · Jun 2, 2026
- Android Update Patches Exploited Zero-Day, 123 Other VulnerabilitiesSecurityWeek · Jun 2, 2026
- Google fixes actively exploited Android vulnerability (CVE-2025-48595)Help Net Security · Jun 2, 2026
- Google fixes one actively exploited Android zero-day, 124 flawsBleepingComputer · Jun 2, 2026
- Android 0-Day Vulnerability Exploited in Attacks to Gain Complete Device ControlCyber Security News · Jun 2, 2026
- Google CVE-2025-48595 Added to CISA KEV Under Active ExploitationVypr Intelligence · Jun 2, 2026
- Android SDK: 25 Vulnerabilities Disclosed, Including Actively Exploited Zero-DayVypr Intelligence · Jun 1, 2026
- CISA Adds Two Known Exploited Vulnerabilities to CatalogCISA Alerts