Skip to main content
Live Webinar with SANS (June 25)— Agentic CTI Automation for Fun & ProfitRegister Free
Mallory
Back to vulnerabilities
MediumCISA KEVExploited in the wildPublic exploit

Android Framework Information Disclosure Vulnerability

IdentifiersCVE-2025-48633CWE-200

CVE-2025-48633 is a high-severity information disclosure vulnerability in the Android Framework component. The provided content does not identify the exact vulnerable function or code path, but multiple sources consistently describe it as a Framework flaw that can be exploited by a local Android application to access sensitive information beyond normal app sandbox boundaries. The issue affects Android 13, 14, 15, and 16, and Google indicated it was under limited, targeted exploitation in the wild at the time of disclosure.

Share:
For your environment

Are you exposed to this one?

Mallory correlates every CVE against your assets, your vendors, and active adversary campaigns. Know which vulnerabilities matter for you, not just which ones are loud.

Start free trial
ANALYST BRIEF

Impact, mitigation & remediation

What it means. What to do now. Patch path, mitigations, and the assume-compromise checklist.

Impact

What an attacker gets, and what they’ve been doing with it.

Successful exploitation can expose sensitive information from the Android system or other protected memory/data contexts to a malicious local application. Based on the provided reporting, this may allow access to sensitive system memory or other data not normally available to the attacking app, weakening Android’s application isolation model and potentially supporting further compromise, surveillance, or exploit chaining.

Mitigation

If you can’t patch tonight, do this now.

Where immediate patching is not possible, reduce exposure by limiting installation of untrusted or unnecessary applications, enforcing managed app policies on enterprise devices, keeping Google Play Protect enabled, and restricting use of devices that are not receiving current OEM security updates. Because exploitation is local and app-based according to the available content, application control and rapid update deployment are the primary mitigations. No specific workaround short of patching is provided in the supplied material.

Remediation

Patch, then assume compromise.

Apply the Android December 2025 security updates provided by Google and OEMs. The vulnerability is addressed in the December 2025 Android Security Bulletin; devices updated to security patch level 2025-12-01 receive the Framework fix, and devices at 2025-12-05 or later are covered for all issues in that bulletin. Organizations should ensure vendor-specific firmware and OTA updates have been installed on supported Android 13–16 devices and verify actual device patch levels rather than assuming bulletin publication equals remediation.
PUBLIC EXPLOITS

Exploits

No valid public exploits. Mallory filtered out 2 candidates as fakes, detection scripts, or README-only repos.

VALID 0 / 2 TOTALView more in app

All candidate exploits were filtered out by Mallory's validation.

EXPOSURE SURFACE

Affected products & vendors

Products and vendors Mallory has correlated with this vulnerability. Open in Mallory to drill down to specific CPE configurations and version ranges.

VendorProductType
GoogleAndroidoperating_system

Vendor-confirmed product mapping. Mallory continuously reconciles this list against your asset inventory.

ACTIVITY FEED

Recent activity

32 sources tracked across advisories, community write-ups, and news. New activity surfaces here as Mallory finds it.

32 SOURCESView more in app
bleeping computerNews
Jun 2, 2026
Google fixes one actively exploited Android zero-day, 124 flaws

A high-severity Android zero-day previously patched by Google and described as being under limited, targeted exploitation.

Read more
bleeping computerNews
Mar 3, 2026
Android gets patches for Qualcomm zero-day exploited in attacks

A high-severity Android zero-day vulnerability patched by Google in December and described as under limited, targeted exploitation.

Read more
the hacker newsNews
Feb 28, 2026
Android - Latest News, Reports & Analysis | The Hacker News

An information disclosure vulnerability in the Android Framework component that Google states has been exploited in the wild (limited/targeted).

Read more
cyberthroneNews
Dec 26, 2025
When Silence Broke Security: Zero-Days in 2025 - TheCyberThrone

Android information disclosure vulnerability described as a zero-day and actively exploited.

Read more
+14 more in the timeline
What this page doesn’t show

The version that knows your environment.

This page is what’s public. Mallory adds the parts that aren’t: which of your assets are affected, which adversaries are exploiting it right now, which detections to deploy, and what to do tonight.
Start free trial
Exposure mapping

Query your assets running an affected version, and investigate the blast radius.

Threat actor evidence

Every observed campaign linking this CVE to a named adversary.

Associated malware

Malware families riding this exploit, with evidence and IOCs.

Detection signatures1

YARA, Sigma, Snort, and vendor rules, auto-deployed to your SIEM.

Vendor-by-vendor mapping

Cross-references every affected SKU, including bundled OEM variants.

Social activity13

Community discussion across Reddit, Mastodon, and other social sources.

EXTERNAL REFERENCES
MITRE CVE
cve.org · CVE-2025-48633
NVD
nvd.nist.gov/vuln/detail/CVE-2025-48633
MITRE CWE · CWE-200
cwe.mitre.org
Patch
android.googlesource.com/platform/frameworks/base/+/d00bcda9f42dcf272d329e9bf9298f32af732f93
Vendor Advisory
source.android.com/security/bulletin/2025-12-01
US Government Resource
cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-48633