Google Patches Android Zero-Day CVE-2025-48595 Exploited in Targeted Attacks

Google's June 2026 Android security update addresses 124 vulnerabilities, highlighted by an actively exploited high-severity integer overflow zero-day (CVE-2025-48595) in the Android Framework that allows local privilege escalation without user interaction; Google reports limited targeted exploitation and the issue is listed in CISA's KEV. Affected Android 14–16 devices should be patched immediately; enterprises should enforce patch levels via MDM/MAM, restrict untrusted app installs, enable Play Protect, and monitor for privilege escalation activity.