CISA KEV Alert 6/2/2026, 7:22:57 PM

CISA Adds CVE-2025-48595 to Known Exploited Vulnerabilities Catalogue

Developing story vulnerability 6 articles tracked
CISA adds Linux kernel CVE-2022-0492 and Android CVE-2025-48595 to KEV catalogue
CyberSIXT Evidence Panel Source marked as original reporting
Primary Source cisa.gov
CISA KEV Listed in KEV
Patch Patch Status Unknown

ON 2 June 2026, CISA added CVE‑2025‑48595 to its Known Exploited Vulnerabilities (KEV) catalogue. The vulnerability affects the Android Framework component of the Android operating system. It is an integer‑overflow flaw that enables local attackers to execute arbitrary code and achieve privilege escalation.

The flaw is classified as an integer overflow that can be triggered by a local user with low privileges, leading to code execution with elevated rights. The National Vulnerability Database assigns it a CVSS v3.1 score of 8.4, rating the severity as HIGH. At the time of writing, no patch or advisory has been made publicly available, and the patch status is listed as unknown.

Because the vulnerability appears in the KEV catalogue, active exploitation in the wild has been confirmed. CISA has not linked this CVE to any known ransomware campaign, and the known ransomware use is marked as unknown. Federal agencies must apply mitigations by the CISA remediation deadline of 5 June 2026.

CISA requires affected Federal Civilian Executive Branch (FCEB) agencies to apply mitigations per vendor instructions, follow applicable BOD 22‑01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. All other organisations should review their Android‑based systems for exposure and implement the same mitigations where feasible.

For full technical details, consult the NVD entry at https://nvd.nist.gov/vuln/detail/CVE‑2025-48595 and the CISA KEV catalogue.

View CISA KEV Entry

Article by CyberSIXT

Timeline Coverage

Swipe to explore timeline