PT-2026-45567 · Google · Android

Published: 2026-06-01 · Updated: 2026-06-29 · CVE-2025-48595

CVSS v3.1: 8.4 (High)

Vector: AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Android versions 14 through 16 QPR2

Description

An integer overflow exists in multiple locations within the Android Framework, which is the core layer of APIs and system services that applications interact with. This issue allows for local escalation of privilege, enabling an attacker to execute arbitrary code with higher privileges. Exploitation does not require user interaction or additional execution privileges. There are indications that this issue has been under limited, targeted exploitation in the wild, and it has been added to the CISA Known Exploited Vulnerabilities (KEV) catalog.

Recommendations

Update Android 14, 15, 16, and 16 QPR2 to the 2026-06-05 security patch level.

Exploit · Fix · RCE · DoS · LPE · Integer Overflow

Weakness Enumeration

Related Identifiers

BDU:2026-07652
CVE-2025-48595

Affected Products

Android