In its Android Security Bulletin for December, Google is pushing an especially large number of updates to address vulnerabilities across different components—and two of the flaws may have been exploited in the wild.
The December patch covers 107 bugs across Android Kernel, System, and Framework as well as Qualcomm, MediaTek, Arm, Unisoc, and Imagination Technologies components. The high-severity vulnerabilities include denial of service, elevation of privilege, and information disclosure flaws. There are also a handful of bugs labeled as “critical.”
Two active exploits
Two of the vulnerabilities addressed in the December update are zero-days, which are flaws that have been actively exploited or publicly disclosed before the developer makes a patch available. Google notes that both may be under “limited, targeted exploitation.”
CVE-2025-48633 is an information disclosure vulnerability, while CVE-2025-48572 is an elevation of privilege flaw. Both affect the Android Framework in versions 13 through 16.
Google hasn’t disclosed any additional information about the flaws and how they may have been exploited (or by whom). However, as Bleeping Computer reports, similar bugs have been targeted in the past by commercial spyware operations and nation-state campaigns.
Ensure your Android device is up to date
You should always implement security patches as soon as they’re available, so if you see a notification to update, go ahead and follow the prompts to download and install it. You can also check for updates via a path like Settings > Security & privacy > System & updates > Security update. Note that this may be slightly different depending on your device, and you can always search “update” to locate it.
This month’s patches apply to Android Open Source Project (AOSP) versions 13, 14, 15, and 16 and are dated 2025-12-01 and 2025-12-05—the latter fixes all known issues.
Pixel users (and the core AOSP code) receive patches from Google, and those on other Android devices from Huawei, LGE, Samsung, Motorola, and Nokia should see updates from their respective manufacturers around the same time.
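For anyone responsible for more than one device, the patch-level dates and Android versions above can be turned into a scripted check. This is an added example, not from the article or Google's bulletin: the function names are hypothetical, the inventory lines are constructed, and `audit_device` assumes `adb` is installed and the device is connected.

```shell
#!/bin/sh
# Classify a device against the December patch levels named in the article.
DEC_FIRST=20251201   # 2025-12-01 level
DEC_FULL=20251205    # 2025-12-05 level ("fixes all known issues")

# classify_patch_level <YYYY-MM-DD> <android-release>
# Prints one of: invalid | out-of-scope | missing | partial | full
classify_patch_level() {
    cp_level=$1
    cp_release=${2%%.*}                 # "13.0" -> "13"
    case $cp_level in
        [0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9]) ;;
        *) echo invalid; return 0 ;;    # empty or malformed property value
    esac
    case $cp_release in
        ''|*[!0-9]*) echo invalid; return 0 ;;
    esac
    # The article lists AOSP 13 through 16 as covered by this month's patches.
    if [ "$cp_release" -lt 13 ] || [ "$cp_release" -gt 16 ]; then
        echo out-of-scope; return 0
    fi
    cp_n=$(printf '%s\n' "$cp_level" | sed 's/-//g')   # 2025-12-05 -> 20251205
    if [ "$cp_n" -ge "$DEC_FULL" ]; then echo full
    elif [ "$cp_n" -ge "$DEC_FIRST" ]; then echo partial
    else echo missing
    fi
}

# audit_device <adb-serial>: read the two properties from a connected device.
audit_device() {
    ad_level=$(adb -s "$1" shell getprop ro.build.version.security_patch | tr -d '\r')
    ad_rel=$(adb -s "$1" shell getprop ro.build.version.release | tr -d '\r')
    printf '%s\t%s\t%s\t%s\n' "$1" "$ad_rel" "$ad_level" \
        "$(classify_patch_level "$ad_level" "$ad_rel")"
}

# Constructed sample inventory (serial, release, patch level); not real devices.
while read -r serial rel lvl; do
    printf '%s\t%s\n' "$serial" "$(classify_patch_level "$lvl" "$rel")"
done <<'EOF'
dev-a 16 2025-12-05
dev-b 14 2025-12-01
dev-c 13 2025-09-05
dev-d 12 2025-12-05
EOF
```

A result of `partial` means the device reports the 2025-12-01 level but not the 2025-12-05 level.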











