
New Android “0-Day” Vulnerabilities: CISA Issues Warning
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued an official warning about two serious, actively exploited “0-day” vulnerabilities in the Android operating system. These vulnerabilities pose a direct threat to the security of millions of Android users worldwide.
On December 2, 2025, CISA added these vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog and instructed federal agencies to patch them no later than December 23, 2025.
Two Critical 0-Days: CVE-2025-48572 and CVE-2025-48633
1. CVE-2025-48572 — Privilege escalation vulnerability enabling full device compromise
This vulnerability was identified in the Android Framework component and allows an attacker to obtain high-level privileges on the device. Google has not yet disclosed technical details — indicating the severity of the flaw and the need to maintain secrecy to prevent large-scale exploitation.
If successfully exploited, attackers can:
- install malicious applications,
- access the user’s personal data,
- create hidden backdoors within the system,
- gain full control over the device.
2. CVE-2025-48633 — Vulnerability leading to data leakage
This second flaw in another Android Framework component allows attackers to obtain confidential information without any user permissions.
The leaked data may include:
- contacts,
- messages,
- system identifiers,
- application data,
- location history, and more.
When combined, the two vulnerabilities can form a complete attack chain, enabling full compromise of an Android device.
Vulnerabilities Are Being Actively Exploited
There is currently no confirmed evidence that these flaws are used in ransomware attacks, but their inclusion in the KEV catalog confirms that they are already being exploited in real-world attacks.
Threat actors targeting mobile devices often exploit multiple vulnerabilities simultaneously, which makes such attacks especially dangerous for:
- unmonitored devices,
- systems with delayed updates,
- corporate environments with weak security configurations.
CISA Recommendations for Organizations and Users
For Federal Agencies
- Install all related patches by December 23.
- Restrict the use of vulnerable devices until patched.
- Strengthen security controls — segmentation, monitoring, and enhanced analysis.
For Regular Users
- Immediately install all Android OS and Google Play System updates.
- Avoid downloading unknown apps, especially APK files.
- Keep “Google Play Protect” enabled.
- Regularly review app permission requests.
For Corporate Administrators
- Quickly update all corporate Android devices.
- Review logs and increase monitoring for suspicious behavior.
- Segment networks to prevent lateral movement.
- Conduct security scans to detect possible compromise.
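For administrators tracking the December 23 deadline, the following added example (not CISA's or Google's code) classifies a device inventory against the two KEV entries. The KEV excerpt uses the field names of CISA's JSON feed with the dates given above; the fleet data and the `fixed_level` value are constructed, and the real fixed patch level must be taken from the vendor's security bulletin.

```python
import json
from datetime import date

# Constructed excerpt in the field layout of CISA's KEV JSON feed; the dates
# are the ones stated in the article.
KEV_EXCERPT = json.loads("""
{"vulnerabilities": [
  {"cveID": "CVE-2025-48572", "dateAdded": "2025-12-02", "dueDate": "2025-12-23"},
  {"cveID": "CVE-2025-48633", "dateAdded": "2025-12-02", "dueDate": "2025-12-23"}
]}
""")

# Constructed fleet export: device id -> ro.build.version.security_patch
FLEET = {
    "phone-001": "2025-12-05",
    "phone-002": "2025-11-01",
    "tablet-007": "2025-09-05",
    "kiosk-003": "unknown",
}

def triage(fleet, kev, fixed_level, today):
    """Classify each device against the earliest KEV due date.

    fixed_level is the earliest security patch level containing the fixes.
    The caller supplies it from the vendor bulletin; the article does not state it.
    """
    due = min(date.fromisoformat(v["dueDate"]) for v in kev["vulnerabilities"])
    cves = sorted(v["cveID"] for v in kev["vulnerabilities"])
    fixed = date.fromisoformat(fixed_level)
    report = {}
    for device, level in fleet.items():
        try:
            patched = date.fromisoformat(level) >= fixed
        except ValueError:
            patched = False  # unparseable level: treat as exposed, never as safe
        if patched:
            report[device] = ("patched", [])
        elif today > due:
            report[device] = ("overdue", cves)
        else:
            report[device] = ("exposed", cves)
    return report, (due - today).days

if __name__ == "__main__":
    # "2025-12-01" is a constructed placeholder for the fixed patch level.
    result, days_left = triage(FLEET, KEV_EXCERPT, "2025-12-01", date(2025, 12, 10))
    print(f"{days_left} days to KEV due date")
    for device, (status, cves) in sorted(result.items()):
        print(device, status, ",".join(cves))
```

Devices that report no parseable patch level are counted as exposed so that inventory gaps surface in the report instead of passing silently.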
Android remains the largest mobile platform globally and a primary target for attackers. These new 0-day vulnerabilities highlighted by CISA once again demonstrate the critical importance of keeping the operating system up to date.
As modern cyber threats grow more sophisticated, securing mobile devices is no longer just a technical requirement; it is a necessity for every organization and every user.



