CYBERSIXT Signal Over Noise
www.securityweek.com 6/2/2026, 2:41:10 PM · external

Google patches Android zero day CVE‑2025‑48595 among 124 fixes

Google patches Android zero day CVE‑2025‑48595 among 124 fixes
Incident Open incident page

Drupal SQL Injection Exploit: Critical Flaw Exploited in the Wild with Public PoC

The page reports on two critical vulnerabilities actively exploited today: CVE-2022-0492, related to improper authentication in the Linux Kernel, and CVE-2025-48595, an integer overflow vulnerability in the Android Framework. Access to the detailed vulnerability report requires support from the reader, encouraging contributions via platforms like PayPal and…

First seen 2026-06-02T02:32:14.106Z · Last seen 2026-06-03T08:32:53.347Z

CVE-2025-48595 CVE-2026-0059 CVE-2022-0492
CyberSIXT Evidence Panel
Primary Source source.android.com
CVE Intel
CVE-2025-48595 - NVD Not in KEV 8.4 HIGH Patch Unknown
CVE-2026-0059 - NVD Not in KEV 8 HIGH Patch Unknown
CISA KEV Not in KEV
Patch Patch Status Unknown

GOOGLE announced a new Android update aimed at patching 124 vulnerabilities, including a critical zero-day exploit (CVE-2025-48595) linked to privilege escalation in Android's Framework. Though exploitation details remain scarce, it indicates targeted attacks are occurring. The update also addresses 18 critical vulnerabilities capable of privilege escalation and DoS attacks, with some affecting Qualcomm components. Only one vulnerability (CVE-2026-0059) allows for remote code execution. The rise of commercial spyware vendors poses a growing risk as they develop sophisticated exploits for government clients.

View Primary Source Via www.securityweek.com

Article by CyberSIXT

Timeline Coverage

Swipe to explore timeline