What vulnerabilities does the November 2025 Android security update patch?

Google has released the November 2025 Android security update patching a critical remote code execution vulnerability in Android's core System component that requires no user interaction for exploitation. The update addresses two main vulnerabilities: CVE-2025-48593, a critical remote code execution flaw, and CVE-2025-48581, a high-severity elevation of privilege vulnerability.

What is CVE-2025-48593?

CVE-2025-48593 is a critical severity remote code execution vulnerability in Android's System component. It is caused by a validation of user input issue that allows remote attackers to execute arbitrary code without user interaction. The vulnerability affects Android versions 13, 14, 15, and 16.

What is CVE-2025-48581?

CVE-2025-48581 is a high-severity elevation of privilege vulnerability in Android's System component, specifically in the VerifyNoOverlapInSessions function of apexd.cpp. It could allow attackers to block security updates through mainline installations. This vulnerability exclusively affects Android 16 devices.

Which Android versions are affected by these November 2025 vulnerabilities?

CVE-2025-48593, the critical remote code execution vulnerability, affects Android versions 13, 14, 15, and 16. CVE-2025-48581, the elevation of privilege vulnerability, exclusively affects Android 16 devices.

What should Android users do about these vulnerabilities?

Android device owners should check their security patch level and install available updates. Google has released source code patches to the Android Open Source Project repository, and device manufacturers including Samsung, Google Pixel, OnePlus, Motorola, and others are integrating these fixes into their monthly over-the-air updates for distribution to end users.

What can attackers do by exploiting CVE-2025-48593?

By exploiting CVE-2025-48593, remote attackers can execute arbitrary code on affected Android devices without any user interaction. This is a validation of user input issue in Android's System component that allows for remote code execution, potentially giving attackers complete control over the device.

What can attackers do by exploiting CVE-2025-48581?

By exploiting CVE-2025-48581, attackers could block security updates through mainline installations. This elevation of privilege vulnerability in the VerifyNoOverlapInSessions function of apexd.cpp could prevent Android 16 devices from receiving critical security patches, leaving them vulnerable to other attacks.

How can I check if my Android device is protected?

Android device owners should check their security patch level in their device settings. Devices with security patch level 2025-11-01 or later are protected against all vulnerabilities disclosed in the November 2025 security bulletin, including CVE-2025-48593 and CVE-2025-48581.

What is the severity level of the Android vulnerabilities in November 2025?

The November 2025 Android security update addresses vulnerabilities of varying severity. CVE-2025-48593 is rated as critical severity by Google due to its remote code execution capabilities with no user interaction required. CVE-2025-48581 is rated as high severity and could allow attackers to block security updates on Android 16 devices.

Advisory

Google releases November 2025 Android patch, fixes critical zero-click flaw

Q: Does CVE-2025-48593 require user interaction to exploit?

No, CVE-2025-48593 is a critical remote code execution vulnerability in Android's core System component that requires no user interaction for exploitation. This makes it particularly dangerous as attackers can exploit it without any action from the device owner.

published: Nov. 4, 2025

Take action: This advisory is very important since there is a critical flaw that covers all Android versions, but most users can't rush the patch because their vendors may not have released an updated version of Android for their devices. Be aware that you shouldn't delay the update to your Android when the notification arrives on your phone.

Learn More

Google has released the November 2025 Android security update patching a critical remote code execution vulnerability in Android's core System component that requires no user interaction for exploitation.

Vulnerabilities summary

CVE-2025-48593 (CVSS score N/A, Google severity Critical), Remote Code Execution in System Component in validation of user input issue that allows remote attackers to execute arbitrary code. The vulnerability affects Android versions 13, 14, 15, and 16.
CVE-2025-48581 (CVSS score N/A, Google severity High Severity), Elevation of Privilege in System Component in the VerifyNoOverlapInSessions function of apexd.cpp. It could allow attackers to block security updates through mainline installations. This vulnerability exclusively affects Android 16 devices.

Google released patches for both vulnerabilities in the November 2025 security update with security patch level 2025-11-01 or later. Devices updated to this patch level are protected against all vulnerabilities disclosed in this bulletin.

Android device owners should check their security patch level and install available updates. Google has released source code patches to the Android Open Source Project (AOSP) repository, and device manufacturers including Samsung, Google Pixel, OnePlus, Motorola, and others are integrating these fixes into their monthly over-the-air updates for distribution to end users.

Google releases November 2025 Android patch, fixes critical zero-click flaw

Read More
Google patches another actively exploited flaw in Chrome
Critical flaw reported Parallels Desktop, PoC released
Microsoft pushes emergency update for Edge fixing Chromium …
Microsoft January 2026 Patch Tuesday fixes 114 flaws …
Microsoft Scripting Engine flaw exploited in wild, Proof-of-Concept …