In December 2025, Google released critical security updates addressing multiple zero-day vulnerabilities affecting Android devices worldwide. The bulletin highlights that threat actors are actively exploiting at least two of these flaws CVE-2025-48633 and CVE-2025-48572 prompting urgent action from users and device manufacturers. Both vulnerabilities reside in the Android Framework and carry high severity ratings. CVE-2025-48633 is an information disclosure flaw impacting Android 13 through 16, allowing unauthorized access to sensitive device data, while CVE-2025-48572 is a privilege escalation vulnerability that can enable attackers to gain elevated system privileges without additional permissions.

Beyond these actively exploited vulnerabilities, CVE-2025-48631 has been identified as the most severe issue in this month’s update due to its potential to cause remote denial-of-service attacks. This vulnerability is particularly dangerous because attackers do not require any authentication or special execution privileges to trigger it, making even unauthenticated attacks possible. Google’s December bulletin also addresses over 30 vulnerabilities across various Android components, including additional privilege escalation issues (CVE-2025-22420, CVE-2025-48525), denial-of-service flaws, and other information disclosure risks affecting Android versions 13 through 16.

Google has implemented multiple layers of protection through the Android security platform and Google Play Protect, both enabled by default on devices with Google Mobile Services. Device manufacturers were notified at least a month in advance, allowing time to prepare patches for their devices. Users are strongly advised to check their security patch level in the “About Phone” section of their device settings and install the December 5, 2025, security updates immediately, especially those on Android 13, 14, 15, or 16, to mitigate active exploit risks.

In addition to updating devices, users should ensure Google Play Protect is enabled and limit app installations to the official Google Play Store. These proactive measures significantly reduce exposure to attacks exploiting the newly disclosed vulnerabilities. Google’s timely response and the comprehensive security patching emphasize the critical importance of staying current with Android updates to safeguard personal information, prevent unauthorized privilege escalation, and protect devices from potential denial-of-service attacks.