Persistent Denial of Service in Android Framework
CVE-2025-48631

Currently unrated

Key Information:

Vendor

Google
Status
Android
Vendor
CVE Published:
8 December 2025

Badges

đź“° News Worthy

What is CVE-2025-48631?

A vulnerability exists in the Android Framework, specifically within the onHeaderDecoded method of the LocalImageResolver.java class. This flaw could potentially lead to a persistent denial of service (DoS) as a result of resource exhaustion. Attackers could exploit this issue remotely without the need for user interaction or additional execution privileges, making it a significant security concern for users of the affected Android versions.

Affected Version(s)

Android 16

Android 15

Android 14

News Articles

favicon imageCyberScoop

Google addresses 107 Android vulnerabilities, including two zero-days

The company’s latest security update contains the second-highest number of defects patched so far this year.

1 week ago

References

https://android.googlesource.com/platform/frameworks/base...
https://source.android.com/security/bulletin/2025-12-01

Timeline

  • Vulnerability published

  • đź“°

    First article discovered by CyberScoop

  • Vulnerability Reserved

JSON
.
CVE-2025-48631 : Persistent Denial of Service in Android Framework