Integer Overflow Vulnerability in Android Components from Google
CVE-2025-48595

CVSS 8.4 (HIGH)

Key Information:

Vendor: Google
Status: Vendor
CVE Published: 1 June 2026

Badges

  • 📈 Score: 409
  • 👾 Exploit Exists
  • 🟡 Public PoC
  • 🦅 CISA Reported
  • 📰 News Worthy

What is CVE-2025-48595?

CVE-2025-48595 is a critical vulnerability in various Android components developed by Google. It arises from an integer overflow, which creates a potential pathway for attackers to execute malicious code on affected systems. Because it enables local privilege escalation without requiring additional execution privileges, CVE-2025-48595 poses a serious risk to organizations using Android-based devices and applications. The fact that no user interaction is required for exploitation makes the risk worse, since an attacker can take advantage of the flaw without any action from the target user.

Potential impact of CVE-2025-48595

  1. Unauthorized Privilege Escalation: The vulnerability allows attackers to escalate privileges locally, meaning they can gain elevated access rights within the system. This can enable them to execute unauthorized commands, access sensitive data, and perform harmful actions undetected.

  2. Widespread Exploitation Risk: Given the nature of the vulnerability and its exploitation potential without user interaction, there is a high likelihood of it being targeted in the wild by malicious actors. This increases the urgency for organizations to address the vulnerability to prevent potential breaches.

  3. Compromise of Data Integrity: By exploiting CVE-2025-48595, attackers may alter or corrupt sensitive information within the Android environment. This can lead to significant data integrity issues, affecting not only individual users but also organizations relying on the integrity of their mobile applications and services.

CISA has reported CVE-2025-48595

CISA provides regional cyber and physical services to support security and resilience across the United States. CISA monitors the most dangerous vulnerabilities and has identified CVE-2025-48595 as being exploited, but it is not known by CISA to be used in ransomware campaigns. This is subject to change at pace.

CISA's recommendation is: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Affected Version(s)

  • Android 16-qpr2
  • Android 16
  • Android 15

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate that the vulnerability can be exploited. PoC code is also a key component of weaponization, which could lead to ransomware.

News Articles

  • Google June 2026 Android Update Patches 124 Flaws, One Actively Exploited (Ravie Lakshmanan, Jun 02, 2026, Vulnerability / Mobile Security)

  • You Should Install the June Android Security Patch ASAP: This update fixes an actively-exploited zero-day attack.

  • Google June 2026 Android Update Patches 124 Flaws, One Actively Exploited: Google patched 124 Android flaws in June 2026, including exploited CVE-2025-48595, reducing privilege-escalation risks.

CVSS V3.1

Score: 8.4
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Local
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • 🟡 Public PoC available
  • 👾 Exploit known to exist
  • 🦅 CISA Reported
  • 📰 First article discovered by Securityweek
  • Vulnerability published
  • Vulnerability Reserved