CVE-2025-48633 and CVE-2025-48572: Android Framework Information Disclosure and Privilege Escalation Vulnerabilities Exploited in the Wild


Following the early-November disclosure of CVE-2025-48593, a critical zero-click flaw in the Android System component, two more vulnerabilities in the Android Framework have come into the spotlight due to their active exploitation, posing emerging risks to organizations worldwide that may be affected.

The two newly uncovered Android Framework flaws are high-severity vulnerabilities tracked as CVE-2025-48633 and CVE-2025-48572. Google has promptly responded by addressing them in its monthly security updates. However, the vendor has not yet provided further insight into how these vulnerabilities are being leveraged in the wild, whether adversaries are chaining them or exploiting them independently, or the overall scope of the malicious activity.

As of November 30, the number of reported CVEs has surpassed 42,000, marking a 16.9% increase compared to 2024. The pace remains high, with an average of 128 newly disclosed vulnerabilities each day. These patterns underscore the continued urgency for proactive defense and the growing need for real-time delivery of threat detection content, enabling defenders to spot and mitigate new risks before they gain traction.

Register today for the SOC Prime Platform, the industry’s leading vendor-agnostic suite designed for real-time defense. It offers the full pipeline from detection to simulation and features the world’s largest detection intelligence dataset, with emerging threats updated daily to help organizations stay ahead of the curve. Use the Explore Detections button to view context-enriched SOC content for vulnerability exploitation, conveniently filtered by a dedicated “CVE” tag.


Detection logic is compatible with dozens of leading SIEM, EDR, and Data Lake technologies and is aligned with the MITRE ATT&CK® framework for consistent threat mapping. Each detection algorithm is enhanced with AI-native detection intelligence and comprehensive metadata, including CTI references, attack timelines, audit configuration, triage recommendations, and more actionable threat context.

Security teams can further leverage Uncoder AI to streamline detection engineering by converting IOCs into custom hunting queries, generating detection logic directly from threat reports, visualizing Attack Flow diagrams, predicting ATT&CK tags, translating content across multiple formats, and automating a wide range of daily workflows end-to-end. 

CVE-2025-48633 and CVE-2025-48572 Analysis

Google has recently issued its December 2025 Android Security Bulletin, resolving 100+ vulnerabilities across multiple components, including the Framework, System, Kernel, and third-party hardware drivers. The vendor confirmed that two of these flaws, CVE-2025-48633, an information disclosure issue, and CVE-2025-48572, a privilege escalation flaw, have been exploited in real-world attacks and may be subject to limited, targeted abuse. The December bulletin includes two patch levels to help device manufacturers deploy shared fixes more rapidly.

On December 2, 2025, CISA added CVE-2025-48633 and CVE-2025-48572 to its Known Exploited Vulnerabilities catalog, mandating that U.S. federal agencies patch them by December 23, 2025, due to the significant risk they pose.

Security enhancements in modern Android versions significantly reduce the likelihood of successful exploitation. To mitigate CVE-2025-48633 and CVE-2025-48572, users should update their devices to the latest Android release and promptly apply security patches. In addition, Google Play Protect, enabled by default, helps detect and block harmful apps, which is particularly important for users who install software from outside Google Play.
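For teams tracking this across a device fleet, the following added example (not from Google or SOC Prime) triages devices by the security patch level each one reports in the `ro.build.version.security_patch` property, measured against the CISA due date above. It assumes the lower of the bulletin's two patch levels is written `2025-12-01` in Android's usual `YYYY-MM-DD` form; the inventory is constructed sample data.

```python
from datetime import date

# Assumption: the lower of the December 2025 bulletin's two patch levels,
# in the YYYY-MM-DD form Android uses. Confirm the value against the bulletin.
REQUIRED_PATCH = date(2025, 12, 1)
# CISA KEV remediation date stated in the article.
KEV_DUE = date(2025, 12, 23)

# Constructed sample inventory: (device id, value of
# ro.build.version.security_patch as collected by MDM or adb getprop).
INVENTORY = [
    ("pixel-a", "2025-12-05"),
    ("tablet-b", "2025-11-01"),
    ("kiosk-c", ""),               # property missing or not collected
    ("phone-d", "2025-12-01\n"),   # raw getprop output with a newline
]

def parse_patch_level(raw):
    """Parse a security patch string; return None if it is unusable."""
    try:
        return date.fromisoformat(raw.strip())
    except (AttributeError, ValueError):
        return None

def triage(inventory, today):
    """Map each device id to patched / pending / overdue / unknown."""
    result = {}
    for device_id, raw in inventory:
        level = parse_patch_level(raw)
        if level is None:
            # Never treat an unreadable value as patched.
            result[device_id] = "unknown"
        elif level >= REQUIRED_PATCH:
            result[device_id] = "patched"
        elif today > KEV_DUE:
            result[device_id] = "overdue"
        else:
            result[device_id] = "pending"
    return result

if __name__ == "__main__":
    for device, status in triage(INVENTORY, date.today()).items():
        print(f"{device}: {status}")
```

Devices reported as `unknown` deserve the same follow-up as unpatched ones, since a missing value says nothing about the installed fixes.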

With the constantly increasing volumes of vulnerabilities exploited in the wild, proactive cyber defense measures are becoming a top priority for progressive organizations concerned about maintaining robust cyber resilience. By leveraging SOC Prime’s AI-native detection intelligence platform built for real-time defense, security teams can take their enterprise security protection to the next level and strengthen the organization’s cybersecurity posture.

The post CVE-2025-48633 and CVE-2025-48572: Android Framework Information Disclosure and Privilege Escalation Vulnerabilities Exploited in the Wild appeared first on SOC Prime.