US Public Data LabU.S. public data, made readable
EN
日本語 English
High Known exploited (KEV) CVE-2025-48595

Integer overflow in the Android Framework (CVE-2025-48595) — local privilege escalation

Android Framework Added to KEV Jun 2, 2026 Federal remediation due 2026-06-05

An integer-overflow vulnerability in Android's core "Framework" component leads, via code execution, to local privilege escalation. Fixed in the June 2026 Android security update. CISA listed it as known-exploited (KEV) (CVSS 8.4 High).

Key facts

  • CVE IDCVE-2025-48595
  • CVSS base score8.4 HIGH
  • CVSS vectorCVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Affected (vendor / product)Android Framework
  • CWECWE-190
  • ExploitationListed in CISA KEV (exploitation confirmed)
  • Remediation due2026-06-05 (U.S. federal civilian agencies, BOD 22-01)

Key points

  • Integer overflow (CWE-190) in the Android Framework (the OS foundation layer)
  • Leads to local privilege escalation via code execution
  • Fixed in the June 2026 Android security bulletin. Listed in CISA KEV (CVSS 8.4 High)
  • Response: update the device security patch level to 2026-06-01 or later
  • Federal civilian remediation deadline was June 5, 2026

CVE-2025-48595 is an integer-overflow vulnerability (CWE-190) in Android's core "Framework" component (the layer bridging apps and the OS). Integer overflow causes inconsistencies in memory handling, and using that as a foothold for code execution enables local privilege escalation (obtaining higher privileges) on the device.

Local privilege escalation does not by itself allow remote intrusion, but combined with a malicious app or another vulnerability it is often abused as the "final push" that lets an attacker take deep control of a device. It was added to CISA's KEV catalog on June 2, 2026, with exploitation confirmed in the wild.

Key response: a fix is provided in Google's Android Security Bulletin (June 2026). The basic action is to update the device security patch level to 2026-06-01 or later. If you manage Android devices in your organization, verify via MDM that the latest security patch is applied. The federal civilian remediation deadline was June 5, 2026.

Why it matters

For organizations managing many corporate Android devices, the priorities are visibility into patch status and updating. In BYOD environments, it is a prompt to enforce a minimum patch level by policy.

FAQ

What is local privilege escalation?
An attack in which a process already running on a device (e.g. a malicious app) seizes higher privileges than it should have. It differs from standalone remote intrusion but becomes serious when combined with other weaknesses.
What should I do?
Update the Android security patch to the latest (2026-06-01 or later). In organizations, verifying patch status via MDM is effective.

Sources (primary)

This article is an independent organization based on the U.S. official data below. Always verify the exact, latest details and applicability with the official and vendor sources.

#Android#Mobile#Privilege escalation#Integer overflow

← Back to vulnerability alerts

Disclaimer: This site independently summarizes and classifies information based on official data sources. Always verify the latest and accurate information with the official sources. Content on finance, health, legal, and security is information, not advice. This site is not an official website of the U.S. government.