CISA warned today that two Android zero-day vulnerabilities are under active attack, within hours of Google releasing patches for the flaws.
Both are high-severity Android framework vulnerabilities. CVE-2025-48572 is a Privilege Escalation vulnerability, while CVE-2025-48633 is an Information Disclosure vulnerability.
Both were among 107 Android vulnerabilities addressed by Google in its December security bulletin released today.
https://thecyberexpress.com/cisa-warns- ... -attacked/