GOOGLE’S November 2025 Android Security Bulletin addresses a critical remote code execution flaw in the System component, tracked as CVE-2025-48593, which could allow an attacker to run arbitrary code with no additional execution privileges and no user interaction, according to Google. The vulnerability affects Android versions 13 through 16 and is described as the most severe issue in that bulletin.
The bulletin also lists CVE-2025-48581, an Elevation of Privilege issue in the System component affecting Android 16. Devices updated to the 2025-11-01 security patch level are protected against this month’s disclosures, with manufacturers such as Samsung, Google Pixel, OnePlus and others typically delivering the patch via monthly OTA updates. Users are urged to apply the November 2025 update as soon as it becomes available to mitigate remote exploitation risks.