


























Google update patches against Android Zero-Day exploit.
Google’s June 2026 Android security bulletin has been released, and it includes a fix for a zero-day vulnerability that Google has confirmed is under “limited, targeted exploitation.” Here’s what users of Android 14, 15, 16 and 16 QPR2 need to know about CVE-2025-48595.
With a massive global user base across multiple product lines, Google is a high-value target for cybercriminals and state-sponsored hackers alike, which is why the company has a world-renowned security research unit in Project Zero alongside vulnerability reward platforms for external bug hunters. While the latest Chrome security update fixed 151 vulnerabilities, none of them were being actively exploited in the wild. With the publication of the June 2026 Android security bulletin, however, Google has confirmed that a zero-day vulnerability, with a Common Vulnerabilities and Exposures designation of CVE-2025-48595, has been subject to limited and targeted exploitation in the wild. Neither of those terms has been quantified, though, so it is currently unknown just how limited and targeted the attacks have been.
What we do know is that this vulnerability, rated high severity and residing within the Android Framework itself, is an elevation-of-privilege flaw that could enable an attacker to gain control of the impacted device. A CVE threat intelligence report confirming this has stated that an “unauthenticated local user can exploit an integer overflow to execute arbitrary code and escalate privileges to achieve full system compromise, including reading sensitive data, modifying files, and disrupting system availability.”
Google has confirmed that “user interaction is not needed for exploitation” of this vulnerability.
Because this vulnerability needs neither authentication nor user interaction, and because it is already being exploited in the wild by attackers, users should apply the necessary Android security update from Google as soon as it is available for their device. Security patch levels of 2026-06-05 will ensure that your Android device is protected against exploitation of CVE-2025-48595, and you can check the status of yours by heading to About phone | Android version in the Settings app.