Android’s June 2026 Zero-Day: CVE-2025-48595 Is Under Targeted Attack — Update Now

Google’s June 2026 Android security update is one of the most important of the year for phone owners — and, by several accounts, one that a lot of people still haven’t installed. It patches 124 vulnerabilities across the Android ecosystem, and one of them is already being used in real attacks.

The flaw under attack: CVE-2025-48595

The headline issue is CVE-2025-48595, a high-severity flaw (CVSS 8.4) in the Android Framework component. According to the CVE record, an integer overflow in multiple locations can lead to code execution and a local escalation of privilege — with no user interaction required. In plain terms: a malicious app or payload could gain elevated control of the device without the owner tapping anything. It affects devices running Android 14, 15, 16, and 16 QPR2.

Google has acknowledged signs that CVE-2025-48595 is under “limited, targeted exploitation.” The company did not name who is behind it or who was hit — but that phrasing has historically signalled commercial spyware and nation-state operators going after high-value individuals: journalists, dissidents, officials, and executives. Past Android bulletins using the same language were later tied to spyware families such as Predator and Hermit.

The urgency is now official. On June 2, 2026, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) added CVE-2025-48595 to its Known Exploited Vulnerabilities (KEV) catalog, giving federal civilian agencies a hard deadline of June 5 to remediate — a strong signal to everyone else to move quickly too.

What else the update fixes

Beyond the actively exploited zero-day, the June rollup patches numerous flaws in Android System and Framework services, several of which could also lead to local privilege escalation. Google shipped the fixes in two patch levels — 2026-06-01 and 2026-06-05 — with the later level including everything in the first plus kernel and third-party chipset fixes from Imagination Technologies, MediaTek, Qualcomm, and Unisoc. When you check your patch level, the 2026-06-05 date is the one that confirms you have the complete set.

What to do

Open Settings → Security & privacy → System & updates (the exact path varies by manufacturer) and check for the June 2026 patch level. Pixel devices and recent flagships generally get it first; many other handsets lag, which is why a large share of users are still unprotected weeks after release. If you manage a fleet, push the update through your MDM and confirm devices report the 2026-06-05 patch string rather than just assuming the rollout completed.
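A fleet-side version of that last check, as an added example that is not from the bulletin or from Google's tooling: it reads each attached device's standard `ro.build.version.security_patch` property over adb and reports whether the device is on the complete 2026-06-05 level, only the 2026-06-01 level, or neither. It assumes `adb` is on the path and that the devices of interest are attached and authorised.

```shell
#!/bin/sh
# Added example, not from the bulletin or from Google: classify a device's
# reported security patch level against the two June 2026 patch levels.
# Assumes the standard Android property ro.build.version.security_patch,
# read over adb; device serials come from `adb devices`.

FULL_LEVEL=20260605     # 2026-06-05: framework/system + kernel + chipset fixes
PARTIAL_LEVEL=20260601  # 2026-06-01: framework/system fixes only

# classify_patch_level YYYY-MM-DD
# Prints: complete | partial | unpatched | invalid
classify_patch_level() {
  level="$1"
  case "$level" in
    [0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9]) ;;
    *) echo invalid; return 0 ;;
  esac
  # Strip the hyphens so the ISO date compares as an integer (YYYYMMDD).
  n=$(printf '%s' "$level" | sed 's/-//g')
  if [ "$n" -ge "$FULL_LEVEL" ]; then
    echo complete
  elif [ "$n" -ge "$PARTIAL_LEVEL" ]; then
    echo partial      # has the Framework fix but not the kernel/chipset set
  else
    echo unpatched
  fi
}

# device_patch_status SERIAL
# Prints: "SERIAL LEVEL STATUS" for one attached device.
device_patch_status() {
  serial="$1"
  # adb shell output carries a trailing CR on many builds; strip it before matching.
  level=$(adb -s "$serial" shell getprop ro.build.version.security_patch | tr -d '\r')
  echo "$serial ${level:-none} $(classify_patch_level "$level")"
}

# Fleet sweep over every device in the "device" state; skipped when adb is absent.
if command -v adb >/dev/null 2>&1; then
  adb devices | awk 'NR > 1 && $2 == "device" { print $1 }' | while read -r serial; do
    device_patch_status "$serial"
  done
fi
```

A device that prints `partial` has the Framework fix for CVE-2025-48595 but is still missing the kernel and chipset fixes that only ship with the 2026-06-05 level.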

A “limited, targeted” zero-day is not a reason to panic, but it is a reason not to wait. The same flaw that’s being used carefully against a few high-value targets today becomes commodity exploit code tomorrow — and the only durable defense is a device that’s actually on the current patch level.

This article summarizes publicly reported information from Google’s Android Security Bulletin and CISA. Consult those advisories for authoritative details.