On 2 June 2026, CISA added CVE-2025-48595 to its Known Exploited Vulnerabilities (KEV) catalogue. The vulnerability affects the Android Framework component of the Android operating system. It is an integer-overflow flaw that allows a local attacker to execute arbitrary code and escalate privileges.
The flaw is classified as an integer overflow that can be triggered by a local user with low privileges, leading to code execution with elevated rights. The National Vulnerability Database assigns it a CVSS v3.1 score of 8.4, rating the severity as HIGH. At the time of writing, no patch or advisory has been made publicly available, and the patch status is listed as unknown.
Inclusion in the KEV catalogue means CISA has evidence of active exploitation in the wild. CISA has not linked this CVE to any ransomware campaign; the catalogue's known-ransomware-use field is marked as unknown. Federal agencies must apply mitigations by the CISA remediation deadline of 5 June 2026.
CISA requires affected Federal Civilian Executive Branch (FCEB) agencies to apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. All other organisations should review their Android-based systems for exposure and implement the same mitigations where feasible.
For full technical details, consult the NVD entry at https://nvd.nist.gov/vuln/detail/CVE-2025-48595 and the CISA KEV catalogue.