Google has released the Android security bulletin for December 2025, fixing 107 vulnerabilities in total. Two of these flaws were already being used in targeted attacks, making this month’s update especially important for users.

The two actively exploited issues are known as CVE-2025-48633 and CVE-2025-48572. One is an information disclosure bug and the other is an elevation-of-privilege flaw. Both affect Android versions 13 through 16. Google says there are signs these vulnerabilities were being used in limited attacks, but the company has not shared technical details. In past cases, similar flaws have been linked to commercial spyware or operations carried out by advanced threat actors targeting high-profile individuals.

The most serious issue fixed this month is CVE-2025-48631, a denial-of-service problem inside the Android Framework. This kind of flaw can cause devices to crash or become unresponsive.

Google’s update includes fixes for 51 vulnerabilities in the Android Framework and System components under the December 1, 2025 patch level. Another 56 flaws were addressed in the Kernel and various closed-source components under the December 5 patch level. Among these are four critical elevation-of-privilege issues in the Kernel’s pKVM and IOMMU components, as well as two critical vulnerabilities affecting Qualcomm devices, tracked as CVE-2025-47319 and CVE-2025-47372.

Additional details for closed-source fixes are available through Qualcomm’s and MediaTek’s own security bulletins. Samsung has also released its bulletin, which includes Google’s patches along with Samsung-specific updates.


The December updates apply to devices running Android 13 and newer. However, many important security fixes are still delivered through Google Play system updates, which means users running Android 10 or later may still receive some protections. Google Play Protect can also help by detecting malware and blocking attack chains, so it is important to keep it updated.
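For anyone triaging a device fleet against the two patch levels described above, the following added example (not from Google's bulletin) classifies devices from `adb shell getprop` output. It reads the standard Android properties `ro.build.version.sdk` and `ro.build.version.security_patch`; the sample dumps and the triage labels are constructed for illustration.

```python
import re
from datetime import date

# Patch levels named in the December 2025 bulletin.
SPL_FRAMEWORK_SYSTEM = date(2025, 12, 1)  # Framework and System fixes
SPL_FULL = date(2025, 12, 5)              # adds Kernel and closed-source component fixes
MIN_SDK = 33                              # API level 33 corresponds to Android 13

PROP_RE = re.compile(r"^\[([^\]]+)\]: \[(.*)\]$")

def parse_getprop(text):
    """Parse `adb shell getprop` output ("[key]: [value]" per line) into a dict."""
    props = {}
    for line in text.splitlines():
        m = PROP_RE.match(line.strip())
        if m:
            props[m.group(1)] = m.group(2)
    return props

def classify(props):
    """Return a triage label for one device against the two December patch levels."""
    try:
        sdk = int(props["ro.build.version.sdk"])
        spl = date.fromisoformat(props["ro.build.version.security_patch"])
    except (KeyError, ValueError):
        return "unknown: missing or malformed properties"
    if sdk < MIN_SDK:
        return "out of scope: pre-Android 13, relies on Google Play system updates"
    if spl >= SPL_FULL:
        return "covered: 2025-12-05 level or later"
    if spl >= SPL_FRAMEWORK_SYSTEM:
        return "partial: Framework/System fixed, Kernel and vendor fixes missing"
    return "missing: below 2025-12-01"

# Constructed sample dumps (not real devices).
SAMPLES = {
    "phone-a": "[ro.build.version.sdk]: [35]\n[ro.build.version.security_patch]: [2025-12-05]",
    "phone-b": "[ro.build.version.sdk]: [34]\n[ro.build.version.security_patch]: [2025-12-01]",
    "phone-c": "[ro.build.version.sdk]: [33]\n[ro.build.version.security_patch]: [2025-09-05]",
    "phone-d": "[ro.build.version.sdk]: [31]\n[ro.build.version.security_patch]: [2024-03-01]",
    "phone-e": "[ro.build.version.sdk]: [36]",
}

def triage(samples):
    """Classify every device dump; returns {device name: label}."""
    return {name: classify(parse_getprop(dump)) for name, dump in samples.items()}

if __name__ == "__main__":
    for name, label in triage(SAMPLES).items():
        print(f"{name}: {label}")
```
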



Users on older Android versions that no longer receive regular patches should consider switching to a third-party Android distribution that includes these fixes or upgrading to a newer device that still has active support.
