Google has released its latest monthly security updates for the Android operating system, delivering fixes for 107 vulnerabilities found across key system components. The update covers issues in Framework, System, Kernel, and modules from Arm, Imagination Technologies, MediaTek, Qualcomm, and Unison.
Two High Severity Bugs Exploited in Real World Attacks
The company confirmed that two Framework vulnerabilities had been used in actual attacks before the patch release. These include:
CVE-2025-48633, an information disclosure flaw in Framework
CVE-2025-48572, a privilege escalation flaw in Framework
Google did not share further technical details about how the flaws were exploited or whether the two issues were used together. The advisory only stated that there are indications of limited and targeted exploitation.
Critical Framework Bug Also Patched
Along with the exploited flaws, Google also resolved a critical Framework vulnerability tracked as CVE 2025 48631. This issue could trigger remote denial of service without requiring additional permissions from the attacker.
Two Patch Levels Released for December 2025
The December bulletin includes two patch levels, 2025 12 01 and 2025 12 05. This gives device makers flexibility to roll out updates faster for the vulnerabilities that apply across all Android devices.
Users are strongly advised to install the latest security patch as soon as their device manufacturer releases it.
Recent Android and Linux Kernel Fixes
The update follows Google’s earlier patches from three months ago, which addressed two actively exploited bugs in the Linux Kernel and Android Runtime. These flaws, identified as CVE-2025-38352 and CVE-2025-48543, allowed local privilege escalation.
Found this article interesting? Follow us on Twitter , Facebook, Blue sky and LinkedIn to read more exclusive content we post.
