Ethical Hacking News
Google has released its December Android security bulletin, highlighting several high-severity vulnerabilities that have been patched. The release serves as a reminder of the importance of keeping software up-to-date and taking steps to protect against known vulnerabilities.
CVE-2025-48633 and CVE-2025-48572 are two high-severity vulnerabilities in the framework component of Android that have been patched by Google.
Four other critical escalation-of-privilege bugs were found in the kernel, including four new vulnerabilities.
CVE-2025-47319 allows information disclosure while exposing internal TA-to-TA communication APIs to HLOS.
CVE-2025-47372 is a buffer overflow flaw that occurs when a corrupted ELF image with an oversized file is read into a buffer without authentication.
CVE-2025-48631 could lead to remote denial of service with no additional execution privileges needed.
The recent release of Google's December Android security bulletin has brought attention to several high-severity vulnerabilities that were previously unknown and have since been patched. These vulnerabilities, including CVE-2025-48633 and CVE-2025-48572, are ranked as high severity by Google and may be under limited, targeted exploitation.
The two vulnerabilities are both located in the framework component of Android, with CVE-2025-48633 being an information-disclosure flaw and CVE-2025-48572 being an elevation-of-privilege bug. Both of these vulnerabilities have been patched by Google, and it is highly recommended that users update their Android software as soon as possible.
In addition to these two high-severity vulnerabilities, there are four other critical escalation-of-privilege bugs located in the kernel, which are also ranked as high severity. These include CVE-2025-48623, CVE-2025-48624, CVE-2025-48637, and CVE-2025-48638.
Furthermore, there are two other critical vulnerabilities affecting Qualcomm closed-source components, with CVE-2025-47319 allowing information disclosure while exposing internal TA-to-TA communication APIs to HLOS, and CVE-2025-47372 being a buffer overflow flaw that occurs when a corrupted ELF image with an oversized file is read into a buffer without authentication.
Google's December Android security bulletin also highlights several other vulnerabilities that have been patched, including several bugs with a critical severity rating. The most serious of these is CVE-2025-48631, which could lead to remote denial of service with no additional execution privileges needed.
The recent release of Google's December Android security bulletin serves as a reminder of the importance of keeping software up-to-date and taking steps to protect against known vulnerabilities. With the holiday season bringing early Christmas for attackers, it is crucial that users take proactive measures to secure their devices and data.
In addition to the Android patches, Google has also recently issued an emergency patch for a high-severity Chrome bug that has already been found and exploited in the wild. This vulnerability, tracked as CVE-2025-13223, is a type confusion flaw in the V8 JavaScript engine and marks the seventh Chrome zero-day this year.
The exploitation of these vulnerabilities highlights the ongoing threat posed by mobile device zero-days, particularly those targeting Android devices. Commercial spyware and government-sponsored attackers often exploit these types of vulnerabilities for snooping purposes.
Overall, Google's December Android security bulletin serves as a reminder of the importance of staying vigilant in the face of emerging threats. By patching high-severity vulnerabilities and taking proactive measures to secure devices and data, users can reduce their risk of falling victim to these types of attacks.
Published: Tue Dec 2 13:15:45 2025 by llama3.2 3B Q4_K_M