Persistent Denial of Service in Android Framework
CVE-2025-48631

6.5MEDIUM

Key Information:

Vendor

Google
Status
Android
Vendor
CVE Published:
8 December 2025

Badges

đź“° News Worthy

What is CVE-2025-48631?

A vulnerability exists in the Android Framework, specifically within the onHeaderDecoded method of the LocalImageResolver.java class. This flaw could potentially lead to a persistent denial of service (DoS) as a result of resource exhaustion. Attackers could exploit this issue remotely without the need for user interaction or additional execution privileges, making it a significant security concern for users of the affected Android versions.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Android 16

Android 15

Android 14

News Articles

favicon imageCyberScoop

Google addresses 107 Android vulnerabilities, including two zero-days

The company’s latest security update contains the second-highest number of defects patched so far this year.

References

https://android.googlesource.com/platform/frameworks/base...
https://source.android.com/security/bulletin/2025-12-01

CVSS V3.1

Score:
6.5
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • đź“°

    First article discovered by CyberScoop

  • Vulnerability Reserved

JSON
.