Advisory

Google December 2025 patch fixes Over 100 Android vulnerabilities, two actively exploited

Take action: Another very important advisory since there are two actively exploited flaws patchd by it, but most users can't rush the patch because their vendors may not have released an updated version of Android for their devices. Be aware that you shouldn't delay the update to your Android when the notification arrives on your phone.

Learn More

Google has released its December 2025 Android Security Bulletin, addressing over 100 security vulnerabilities affecting Android devices running versions 13 through 16. 

Google reports that two vulnerabilities, CVE-2025-48633 and CVE-2025-48572, are currently under limited, targeted exploitation in the wild, making immediate patching a priority for affected organizations.

Framework Component Vulnerabilities:

  • CVE-2025-48631 (Critical severity) - Remote Denial of Service
  • CVE-2025-22420 (High severity) - Elevation of Privilege
  • CVE-2025-32319 (High severity) - Elevation of Privilege
  • CVE-2025-32328 (High severity) - Elevation of Privilege
  • CVE-2025-32329 (High severity) - Elevation of Privilege
  • CVE-2025-48525 (High severity) - Elevation of Privilege
  • CVE-2025-48564 (High severity) - Elevation of Privilege
  • CVE-2025-48565 (High severity) - Elevation of Privilege
  • CVE-2025-48572 (High severity) - Elevation of Privilege
  • CVE-2025-48573 (High severity) - Elevation of Privilege
  • CVE-2025-48580 (High severity) - Elevation of Privilege
  • CVE-2025-48583 (High severity) - Elevation of Privilege
  • CVE-2025-48588 (High severity) - Elevation of Privilege
  • CVE-2025-48589 (High severity) - Elevation of Privilege
  • CVE-2025-48594 (High severity) - Elevation of Privilege
  • CVE-2025-48596 (High severity) - Elevation of Privilege
  • CVE-2025-48597 (High severity) - Elevation of Privilege
  • CVE-2025-48601 (High severity) - Elevation of Privilege
  • CVE-2025-48615 (High severity) - Elevation of Privilege
  • CVE-2025-48617 (High severity) - Elevation of Privilege
  • CVE-2025-48618 (High severity) - Elevation of Privilege
  • CVE-2025-48620 (High severity) - Elevation of Privilege
  • CVE-2025-48621 (High severity) - Elevation of Privilege
  • CVE-2025-48627 (High severity) - Elevation of Privilege
  • CVE-2025-48629 (High severity) - Elevation of Privilege
  • CVE-2025-48632 (High severity) - Elevation of Privilege
  • CVE-2025-48639 (High severity) - Elevation of Privilege
  • CVE-2025-48591 (High severity) - Information Disclosure
  • CVE-2025-48592 (High severity) - Information Disclosure
  • CVE-2025-48628 (High severity) - Information Disclosure
  • CVE-2025-48633 (High severity) - Information Disclosure
  • CVE-2025-48576 (High severity) - Denial of Service
  • CVE-2025-48584 (High severity) - Denial of Service
  • CVE-2025-48590 (High severity) - Denial of Service
  • CVE-2025-48603 (High severity) - Denial of Service
  • CVE-2025-48607 (High severity) - Denial of Service
  • CVE-2025-48614 (High severity) - Denial of Service

System Component Vulnerabilities:

  • CVE-2023-40130 (High severity) - Elevation of Privilege
  • CVE-2025-22432 (High severity) - Elevation of Privilege
  • CVE-2025-48536 (High severity) - Elevation of Privilege
  • CVE-2025-48566 (High severity) - Elevation of Privilege
  • CVE-2025-48575 (High severity) - Elevation of Privilege
  • CVE-2025-48586 (High severity) - Elevation of Privilege
  • CVE-2025-48598 (High severity) - Elevation of Privilege
  • CVE-2025-48599 (High severity) - Elevation of Privilege
  • CVE-2025-48612 (High severity) - Elevation of Privilege
  • CVE-2025-48626 (High severity) - Elevation of Privilege
  • CVE-2025-48555 (High severity) - Information Disclosure
  • CVE-2025-48600 (High severity) - Information Disclosure
  • CVE-2025-48604 (High severity) - Information Disclosure
  • CVE-2025-48622 (High severity) - Information Disclosure

Kernel Component Vulnerabilities:

  • CVE-2025-48623 (Critical severity) - Elevation of Privilege (pKVM)
  • CVE-2025-48624 (Critical severity) - Elevation of Privilege (IOMMU)
  • CVE-2025-48637 (Critical severity) - Elevation of Privilege (pKVM)
  • CVE-2025-48638 (Critical severity) - Elevation of Privilege (pKVM)
  • CVE-2024-35970 (High severity) - Elevation of Privilege (Net)
  • CVE-2025-38236 (High severity) - Elevation of Privilege (Net)
  • CVE-2025-38349 (High severity) - Elevation of Privilege (EPoll)
  • CVE-2025-48610 (High severity) - Information Disclosure (Kernel Virtual Machine)
  • CVE-2025-38500 (Moderate severity) - Elevation of Privilege (XFRM)

Arm Component Vulnerabilities (Mali GPU):

  • CVE-2025-6349 (High severity)
  • CVE-2025-8045 (High severity)

Imagination Technologies Component Vulnerabilities (PowerVR-GPU):

  • CVE-2025-6573 (High severity)
  • CVE-2025-25177 (High severity)
  • CVE-2025-46711 (High severity)
  • CVE-2025-58410 (High severity)

MediaTek Component Vulnerabilities:

  • CVE-2025-20725 (High severity) - IMS service
  • CVE-2025-20726 (High severity) - Modem
  • CVE-2025-20727 (High severity) - Modem
  • CVE-2025-20730 (High severity) - Preloader
  • CVE-2025-20750 (High severity) - Modem
  • CVE-2025-20751 (High severity) - Modem
  • CVE-2025-20752 (High severity) - Modem
  • CVE-2025-20753 (High severity) - Modem
  • CVE-2025-20754 (High severity) - Modem
  • CVE-2025-20755 (High severity) - Modem
  • CVE-2025-20756 (High severity) - Modem
  • CVE-2025-20757 (High severity) - Modem
  • CVE-2025-20758 (High severity) - Modem
  • CVE-2025-20759 (High severity) - Modem
  • CVE-2025-20790 (High severity) - Modem
  • CVE-2025-20791 (High severity) - Modem
  • CVE-2025-20792 (High severity) - Modem

Unisoc Component Vulnerabilities (Modem):

  • CVE-2025-31717 (High severity)
  • CVE-2025-31718 (High severity)
  • CVE-2025-3012 (High severity)
  • CVE-2025-11131 (High severity)
  • CVE-2025-11132 (High severity)
  • CVE-2025-11133 (High severity)
  • CVE-2025-61607 (High severity)
  • CVE-2025-61608 (High severity)
  • CVE-2025-61609 (High severity)
  • CVE-2025-61610 (High severity)
  • CVE-2025-61617 (High severity)
  • CVE-2025-61618 (High severity)
  • CVE-2025-61619 (High severity)

Qualcomm Component Vulnerabilities:

  • CVE-2025-47351 (High severity) - Kernel
  • CVE-2025-47354 (High severity) - Kernel
  • CVE-2025-47382 (High severity) - Bootloader

Qualcomm Closed-Source Component Vulnerabilities:

  • CVE-2025-47319 (Critical severity)
  • CVE-2025-47372 (Critical severity)
  • CVE-2025-27053 (High severity)
  • CVE-2025-27054 (High severity)
  • CVE-2025-27070 (High severity)
  • CVE-2025-27074 (High severity)
  • CVE-2025-47323 (High severity)
  • CVE-2025-47370 (High severity)

Android device users and administrators are strongly encouraged to update to security patch level 2025-12-05 or later to address all identified vulnerabilities. 

Users can check their device's security patch level by navigating to Settings > About Phone > Android Version. The Android security team continues to monitor for abuse through Google Play Protect, which is enabled by default on devices with Google Mobile Services. 

Device manufacturers incorporating these updates should set their patch string level to either [ro.build.version.security_patch]:[2025-12-01] or [ro.build.version.security_patch]:[2025-12-05] depending on which vulnerability subset they address.

For devices running Android 10 or later, Google Play system updates will also be available with the 2025-12-01 security patch level date string.

Google December 2025 patch fixes Over 100 Android vulnerabilities, two actively exploited
Read More
Google patches high-risk WebView flaw in first 2026 …
Another critical Microsoft alert after the patch tuesday …
Hackers breach Israel ESET partner and impersonate cyber …
Google releases December 2024 Android update, fixes multiple …
Google patches fourth actively exploited Chrome flaw in …