CISA added CVE-2025-48595 to its Known Exploited Vulnerabilities catalog on 2026-06-02, flagging an integer overflow in the Android Framework that allows local code execution and privilege escalation without user interaction.
What Is It
CVE-2025-48595 is an integer overflow (CWE-190) affecting multiple locations within the Android Framework. According to the NVD description, the flaw provides "a possible way to achieve code execution due to an integer overflow," leading to local escalation of privilege "with no additional execution privileges needed." User interaction is not required for exploitation.
The vulnerability carries a CVSS 3.1 base score of 8.4 (HIGH) with the vector AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H: local attack vector, low attack complexity, no privileges or user interaction required, unchanged scope, and high impact on confidentiality, integrity, and availability.
Why It Matters
CISA's KEV entry confirms this CVE is being treated as actively exploited, with a federal due date of 2026-06-05, only three days after the KEV listing on 2026-06-02. The "Known Ransomware Campaign Use" field is listed as "Unknown."
Because the bug requires no privileges and no user interaction to escalate locally, any code already running on a device (including sandboxed apps) could potentially leverage it to break out and gain elevated rights on the system. Given the massive Android install base, the operational risk to mobile fleets and BYOD environments is substantial.
What's Vulnerable
Per the NVD CPE configuration, the affected platform is Google Android, including:
- Android 14.0
- Android 15.0
- Android 16.0 (base release)
- Android 16.0 QPR2 Beta 1, Beta 2, and Beta 3
The vendor/product is listed in KEV as Android Framework.
Patch Status
Google published the fix in the Android Security Bulletin dated 2026-06-01. CISA's required action directs organizations to "apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable." Federal civilian agencies must remediate by 2026-06-05.
Administrators should ensure devices receive the June 2026 Android security patch level or later, and prioritize rollout across managed mobile fleets.
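The patch-level check described above, as an added example that is not part of the advisory or of Google's tooling: a POSIX shell script that classifies each device in a fleet inventory by its ro.build.version.security_patch value against the June 2026 level. The required level 2026-06-01 is assumed from the bulletin date; the serials and patch levels in sample_inventory are constructed, and collect_live_inventory shows how the same lines would be gathered with adb but is not run here.

```shell
#!/bin/sh
# Added example, not from the advisory or from Google: triage a managed
# Android fleet by security patch level against the June 2026 bulletin.
# Inventory lines below are constructed sample data; a real run would take
# them from collect_live_inventory (adb) or an MDM device export.

REQUIRED_PATCH_LEVEL="2026-06-01"   # assumed: patch level matching the 2026-06-01 bulletin

# patch_level_ok LEVEL [REQUIRED]
#   exit 0 when LEVEL (YYYY-MM-DD, as ro.build.version.security_patch reports it)
#   is at or after REQUIRED; exit 1 when it is older; exit 2 when malformed.
patch_level_ok() {
  level=$1
  required=${2:-$REQUIRED_PATCH_LEVEL}
  case "$level" in
    [0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9]) ;;
    *) return 2 ;;
  esac
  # Strip the dashes so the ISO date compares as an integer (POSIX test has no string ordering).
  [ "$(printf %s "$level" | tr -d -)" -ge "$(printf %s "$required" | tr -d -)" ]
}

# classify_device SERIAL LEVEL -> prints "SERIAL STATUS LEVEL"
classify_device() {
  serial=$1
  level=$2
  patch_level_ok "$level" && rc=0 || rc=$?
  case $rc in
    0) status=PATCHED ;;
    2) status=UNKNOWN ;;      # missing or odd value (e.g. getprop failed): needs manual review
    *) status=VULNERABLE ;;
  esac
  echo "$serial $status $level"
}

# report_fleet: read "serial patch_level" lines on stdin, emit one classified line each.
report_fleet() {
  while read -r serial level; do
    [ -n "$serial" ] || continue
    classify_device "$serial" "${level:-none}"
  done
}

# count_status STATUS: number of report_fleet lines carrying that status.
count_status() {
  grep -c " $1 " || true
}

# collect_live_inventory: the same "serial patch_level" lines from attached devices (not run here).
collect_live_inventory() {
  adb devices | awk 'NR>1 && $2=="device" {print $1}' | while read -r serial; do
    printf '%s %s\n' "$serial" \
      "$(adb -s "$serial" shell getprop ro.build.version.security_patch | tr -d '\r')"
  done
}

# Constructed sample inventory standing in for the live data.
sample_inventory() {
  cat <<'EOF'
R58M1234ABC 2026-06-01
R58M5678DEF 2026-05-05
emulator-5554 2025-12-05
ZY22XYZ123 2026-07-05
ZY22BROKEN
EOF
}

# Stand-alone run: print the classified fleet and how many devices are still exposed.
sample_inventory | report_fleet
echo "vulnerable: $(sample_inventory | report_fleet | count_status VULNERABLE)"
```

Devices whose patch level cannot be read are reported as UNKNOWN rather than PATCHED so they are not silently dropped from the remediation queue; the VULNERABLE count is what to track against the 2026-06-05 due date.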