Google has dropped its December 2025 Android Security Bulletin—and it’s one of the most serious updates of the year. The company fixed 107 security vulnerabilities, including two actively exploited zero-day flaws that put millions of Android devices at risk. If you own an Android smartphone, this is the moment to check for updates. The threats being addressed aren’t theoretical—they’re already being used in real-world attacks.

Two Actively Exploited Zero-Days: CVE-2025-48633 and CVE-2025-48572

Google confirmed that attackers are exploiting two critical vulnerabilities in the wild:

🔹 CVE-2025-48633 – Information Disclosure

This flaw lets attackers steal sensitive data directly from your device. Because it lives inside the Android Framework, the core layer that controls how apps and the OS communicate, this is a particularly dangerous loophole.

🔹 CVE-2025-48572 – Privilege Escalation

The second zero-day is even more alarming. It allows an attacker to escalate privileges and potentially gain full control over the device. Combined with CVE-2025-48633, it opens the door to spyware-level compromises.

Affected Versions

These vulnerabilities impact a huge portion of the Android ecosystem:

  • Android 13
  • Android 14
  • Android 15
  • Android 16

In other words: nearly everyone.

CISA Confirms Active Exploitation

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added both flaws to its Known Exploited Vulnerabilities (KEV) list—reserved only for threats confirmed to be used by attackers. When CISA reacts, you know it’s serious.

Google describes the exploits as “limited and targeted”, a phrase often used to refer to attacks on:

  • Journalists
  • Political activists
  • High-value individuals
  • Sensitive corporate users

But now that the details are public, the risk of broader exploitation increases dramatically.

A Critical Remote Crash Bug and Over 100 Additional Fixes

Beyond the two zero-days, Google’s fix list includes:

1 Critical Remote DoS Vulnerability (CVE-2025-48631)

This flaw allows someone to remotely crash your device without any permissions. Not the end of the world—but definitely not great.

Breakdown of the Remaining 100+ Fixes

  • 34 vulnerabilities in the Android Framework
  • 13 vulnerabilities in the System component
  • Around 50 more across:
    • Linux Kernel
    • Arm Mali GPU drivers
    • MediaTek components
    • Qualcomm components
    • Unisoc components

Kernel Highlights

Four kernel vulnerabilities are rated critical, enabling privilege escalation through:

  • pKVM
  • IOMMU

These kinds of flaws are often used in rootkits, jailbreaks, and persistent spyware.

How to Check If You’re Protected

To see if your phone received the December 2025 security patch:

Go to:
Settings → About Phone → Android Version
(or Software Information, depending on your manufacturer)

You should see:

Android security patch level: December 1, 2025

If your device shows an earlier date, tap Check for updates and install the patch as soon as possible.
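For anyone checking several phones from a computer, the same comparison can be scripted. This is an added example, not code from Google or from this article: it reads the `ro.build.version.security_patch` system property over `adb` and compares it with the December 1, 2025 level named above. It assumes `adb` is installed and USB debugging is enabled; the script name `check_patch.sh` and the `--adb` switch are hypothetical.

```shell
#!/bin/sh
# Added example. Threshold taken from the article: "December 1, 2025".
REQUIRED_PATCH="${REQUIRED_PATCH:-2025-12-01}"

# is_iso_date STR: true only for a YYYY-MM-DD shaped string
is_iso_date() {
  case "$1" in
    [0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9]) return 0 ;;
    *) return 1 ;;
  esac
}

# patch_status LEVEL [REQUIRED]: prints PATCHED, OUTDATED or UNKNOWN
patch_status() {
  # adb output may end in CR/LF, so strip all whitespace first
  level=$(printf '%s' "$1" | tr -d '[:space:]')
  required="${2:-$REQUIRED_PATCH}"
  if ! is_iso_date "$level" || ! is_iso_date "$required"; then
    # Empty or malformed value: never report it as patched
    echo UNKNOWN
    return 0
  fi
  # With the dashes removed, ISO dates compare correctly as integers
  if [ "$(echo "$level" | sed 's/-//g')" -ge "$(echo "$required" | sed 's/-//g')" ]; then
    echo PATCHED
  else
    echo OUTDATED
  fi
}

# check_device SERIAL: read the value the Settings screen displays
check_device() {
  # </dev/null keeps adb from swallowing the caller's device list on stdin
  reported=$(adb -s "$1" shell getprop ro.build.version.security_patch </dev/null 2>/dev/null || true)
  printf '%s\t%s\t%s\n' "$1" "${reported:-?}" "$(patch_status "$reported")"
}

# Query every attached device only when asked: sh check_patch.sh --adb
if [ "${1:-}" = "--adb" ]; then
  adb devices | awk 'NR > 1 && $2 == "device" { print $1 }' |
  while read -r serial; do check_device "$serial"; done
fi
```

A device that returns nothing, or a value that is not a date, is reported as UNKNOWN rather than PATCHED, so it still gets a manual look.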

Pixel Devices

Google Pixel phones have already received the update.

Samsung, OnePlus, Xiaomi & Others

Rollout timing varies by:

  • Device model
  • Region
  • Carrier

Some devices may receive the patch in days—others in weeks. Vendor fragmentation remains a major Android weakness.

Older Devices

Phones that no longer receive security updates are permanently vulnerable to these flaws. Your only options are:

  • Installing a secure custom ROM like GrapheneOS or LineageOS
  • Upgrading your device

(GrapheneOS is definitely having a moment right now—everyone seems to be talking about it!)

Conclusion

Google’s December 2025 Android Security Update is a major release, patching over a hundred vulnerabilities—two of which are already being used in active attacks. If your device runs Android 13, 14, 15, or 16, installing this update isn’t optional. It’s essential.

Take 60 seconds to check your patch level. With two zero-days already circulating, staying unpatched means staying exposed. Update now, stay safe, and keep an eye on your manufacturer’s release schedule—your digital security depends on it.
