PT-2026-45567 · Google · Android
Published
2026-06-01
·
Updated
2026-06-29
·
CVE-2025-48595
CVSS v3.1
8.4
High
| Vector | AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Android versions 14 through 16 QPR2
Description
An integer overflow exists in multiple locations within the Android Framework, which is the core layer of APIs and system services that applications interact with. This issue allows for local escalation of privilege, enabling an attacker to execute arbitrary code with higher privileges. Exploitation does not require user interaction or additional execution privileges. There are indications that this issue has been under limited, targeted exploitation in the wild, and it has been added to the CISA Known Exploited Vulnerabilities (KEV) catalog.
Recommendations
Update Android 14, 15, 16, and 16 QPR2 to the 2026-06-05 security patch level.
Exploit
Fix
RCE
DoS
LPE
Integer Overflow
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Android