Google Patches 120 Android Vulnerabilities, 2 Zero-Days Fixed

Android security updates zero-day vulnerabilities critical Android flaws Google security patches mobile security
Alan V Gutnov
Alan V Gutnov

Director of Strategy

 
December 2, 2025 2 min read
Google Patches 120 Android Vulnerabilities, 2 Zero-Days Fixed

TL;DR

Google's latest Android security updates tackle critical vulnerabilities and actively exploited zero-day flaws. These patches, including the December 2025 release, address defects in the framework, system, and kernel, with sources available for partners. Staying updated is crucial for mobile security against evolving cyber threats.

Android Security Updates Address Critical Vulnerabilities

Google has released several security updates for Android, addressing a range of vulnerabilities, including actively exploited zero-day flaws. These updates are crucial for maintaining the security and integrity of Android devices.

December 2025 Security Update

Google's December 2025 security update addresses a total of 107 defects. This update includes fixes for two zero-day vulnerabilities: CVE-2025-48633 and CVE-2025-48572. These high-severity defects affect the Android framework, potentially allowing attackers to access information and escalate privileges.

The most severe vulnerability in this update, CVE-2025-48631, is a critical defect in the framework that could lead to remote denial of service without requiring additional execution privileges. The update includes two patch levels: 2025-12-01 and 2025-12-05, allowing Android partners to address common vulnerabilities on different devices.

The primary security update addresses 37 vulnerabilities in the framework and 14 in the system. Additionally, the second patch addresses nine kernel vulnerabilities, including four critical ones, along with fixes for components from Arm, Imagination Technologies, MediaTek, Unisoc, and Qualcomm. Source code for these fixes will be released to the Android Open Source Project repository.

September 2025 Security Update

In September 2025, Google addressed 120 Android vulnerabilities, including two zero-day vulnerabilities that were actively exploited.

The two zero-day vulnerabilities patched in the September update are:

  • CVE-2025-38352: A privilege escalation flaw in the Linux Kernel component.
  • CVE-2025-48543: A privilege escalation flaw in the Android Runtime component.

Google noted that these vulnerabilities could lead to local escalation of privilege without requiring user interaction and indicated "limited, targeted exploitation" Android Security Alert: Google Patches 120 Flaws, Including Two Zero-Days Under Attack. The update also included fixes for remote code execution, privilege escalation, information disclosure, and denial-of-service vulnerabilities affecting Framework and System components. To provide flexibility, Google released two security patch levels: 2025-09-01 and 2025-09-05 shipped.

Importance of Timely Updates

Given the increasing sophistication of cyber threats, organizations must prioritize mobile security. The Pradeo Mobile Threat Defense (MTD) solution offers continuous protection by detecting suspicious behaviors, blocking malicious applications, and providing visibility into device status.

Gopher Security specializes in AI-powered, post-quantum Zero-Trust cybersecurity architecture, providing a robust defense against evolving threats. Our platform converges networking and security across devices, apps, and environments, utilizing peer-to-peer encrypted tunnels and quantum-resistant cryptography to ensure comprehensive protection.

Staying Ahead of Cyber Threats with Gopher Security

The rise in Android vulnerabilities highlights the need for advanced security solutions. Gopher Security's platform offers a comprehensive approach to cybersecurity, ensuring that your organization remains one step ahead of cybercriminals.

Explore our services and contact us to learn how Gopher Security can protect your organization from advanced cyber threats.

Alan V Gutnov
Alan V Gutnov

Director of Strategy

 

MBA-credentialed cybersecurity expert specializing in Post-Quantum Cybersecurity solutions with proven capability to reduce attack surfaces by 90%.

Related News

China Espionage Threat: BRICKSTORM Malware Targets Tech and Legal Sectors
BRICKSTORM malware

China Espionage Threat: BRICKSTORM Malware Targets Tech and Legal Sectors

Uncover the sophisticated BRICKSTORM malware campaign linked to China. Learn about its tactics, targets, and how to defend your organization. Read more!

By Jim Gagnard December 5, 2025 4 min read
Read full article
Critical RCE Vulnerabilities in React and Next.js Expose Millions
React security

Critical RCE Vulnerabilities in React and Next.js Expose Millions

React & Next.js hit by critical RCE flaws! Learn about CVE-2025-55182, CVE-2025-66478, and CVE-2025-11953. Patch immediately to protect your applications. Read more!

By Divyansh Ingle December 4, 2025 3 min read
Read full article
Combating Cyber Threats: Harnessing AI for Effective Defense
AI cybersecurity

Combating Cyber Threats: Harnessing AI for Effective Defense

Cyberattackers are leveraging AI for sophisticated threats. Discover how to defend your organization with AI-driven strategies and tools. Learn more at Gopher Security.

By Alan V Gutnov December 3, 2025 7 min read
Read full article
Massive Password Breach: 1.3 Billion Credentials Exposed Online
password breach

Massive Password Breach: 1.3 Billion Credentials Exposed Online

A massive breach exposed 1.3B passwords. Learn how to check if you're affected and secure your accounts. Don't reuse passwords! Visit Gopher Security for advanced protection.

By Edward Zhou December 1, 2025 2 min read
Read full article