InfoSecBulletin Cybersecurity for mankind
On Monday, Google released its monthly security updates for Android, addressing two vulnerabilities that have been exploited in the wild. The patch fixes 107 security issues across various components, including Framework, System, Kernel, and those from Arm, Imagination Technologies, MediaTek, Qualcomm, and Unison.
The two high-severity shortcomings that have been exploited are listed below:
CISA: Splunk flaw under active exploit, patch by Sunday
Texas data breach exposes 3 million driver’s licenses
Critical Cisco ISE Vulnerability Enables Remote Code Execution
F5 Patches NGINX Flaw for Code Execution and DoS Attacks
FortiBleed: 70,000 Fortinet Firewalls Compromised Globally
New Rokarolla Android malware hits 217 banking and crypto apps
Phishing Campaign Exploits Legitimate Microsoft Login Flow
ALERT
Cisco SD-WAN Zero-Day, FortiSandbox and cPanel flaws exploited in attacks
“Panthalassa” builds floating AI data centers powered by ocean waves
Critical Wazuh Vuln Enables Alert Tampering and Evidence Deletion
CVE-2025-48633: An information disclosure vulnerability in Framework
CVE-2025-48572: An elevation of privilege vulnerability in Framework
Google has not provided details on the attacks, including their nature, whether they are linked, or their scale. The identities of those responsible remain unknown.
However, the tech giant acknowledged in its advisory that there are indications they “may be under limited, targeted exploitation.”
Also fixed by Google as part of the December 2025 updates is a critical vulnerability in the Framework component (CVE-2025-48631) that could result in remote denial-of-service (DoS) with no additional execution privileges needed.
The December security bulletin has two patch levels: 2025-12-01 and 2025-12-05. This allows manufacturers to quickly fix common vulnerabilities in Android devices. Users should update to the latest patch as soon as it’s available.
The update follows the company’s release of fixes three months ago for two serious vulnerabilities in the Linux Kernel (CVE-2025-38352, CVSS score: 7.4) and Android Runtime (CVE-2025-48543, CVSS score: 7.4) that could allow local privilege escalation.
