CVE-2025-48633 and CVE-2025-48572: Android Framework Information Disclosure and Privilege Escalation Vulnerabilities Exploited in the Wild

The report summarizes two actively exploited Android Framework flaws — CVE-2025-48633 (information disclosure) and CVE-2025-48572 (privilege escalation) — that Google patched in its December 2025 Android Security Bulletin and which CISA added to the Known Exploited Vulnerabilities catalog, urging prompt remediation; the article also highlights rising CVE volumes and recommends updating devices and applying mitigations.