CVE-2025-48595EXPLOITED

google · android

CVE-2025-48595: In multiple locations, there is a possible way to achieve code execution due to an integer overflow. This could lead to

Description

In multiple locations, there is a possible way to achieve code execution due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Affected Products

Vendor	Product	Versions
google	android	16-qpr2, 16, 15, 14

Also Affects

Downstream vendors/products affected by this vulnerability

Vendor	Product	Source	Confidence
google	android	cert_advisory	90%
samsung	android	cert_advisory	90%

References

https://source.android.com/docs/security/bulletin/2026/2026-06-01

Related News (11 articles)

Tier D

Help Net Security5h ago

Week in review: Cisco SD-WAN 0-day exploited, Patch Tuesday forecast

→ No new info (linked only)

Tier D

BleepingComputer3d ago

CISA warns of active attacks exploiting Android, Linux bugs

→ No new info (linked only)

Tier D

The Hacker News4d ago

Google June 2026 Android Update Patches 124 Flaws, One Actively Exploited

→ No new info (linked only)

Tier B

CCCS Canada4d ago

Android security advisory – June 2026 monthly rollup (AV26-538)

→ No new info (linked only)

Tier D

SecurityWeek4d ago

Android Update Patches Exploited Zero-Day, 123 Other Vulnerabilities

→ No new info (linked only)

Tier D

Help Net Security5d ago

Google fixes actively exploited Android vulnerability (CVE-2025-48595)

→ No new info (linked only)

Tier D

BleepingComputer5d ago

Google fixes one actively exploited Android zero-day, 124 flaws

→ No new info (linked only)

Tier B

BSI Advisories5d ago

[NEU] [hoch] Google Android: Mehrere Schwachstellen

→ No new info (linked only)

Tier B

BSI Advisories5d ago

[UPDATE] [hoch] Samsung Android: Mehrere Schwachstellen

→ No new info (linked only)

Tier C

VulDB5d ago

CVE-2025-48595 | Google Android 14/15/16/16-qpr2 integer overflow

→ No new info (linked only)

Tier B

CERT-FR5d ago

Multiples vulnérabilités dans Google Android (02 juin 2026)

→ No new info (linked only)

CVSS 3.18.4 HIGH

VectorCVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA KEV❌ No

Actively exploited✅ Yes

PublishedJun 1, 2026

Last enriched3d agov4

Community Vote

0 upvotes0 downvotes

No votes yet

Related CVEs (5)

CRITICALCVE-2026-10881EXP

CVE-2026-10881: Out of bounds read and write in ANGLE in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to potentially p

Trending: 53

HIGHCVE-2026-11255EXP

CVE-2026-11255: Insufficient validation of untrusted input in Storage Access API in Google Chrome prior to 149.0.7827.53 allowed a remot

Trending: 51

CRITICALCVE-2026-11070EXP

CVE-2026-11070: Insufficient validation of untrusted input in Chromoting in Google Chrome on Windows prior to 149.0.7827.53 allowed a re

Trending: 50

CRITICALCVE-2026-10946EXP

CVE-2026-10946: Heap buffer overflow in Media in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who convinced a user to

Trending: 50

CRITICALCVE-2026-11082EXP

CVE-2026-11082: Race in GPU in Google Chrome on Android prior to 149.0.7827.53 allowed a remote attacker who had compromised the rendere

Trending: 50

Pin to Dashboard

Verification

State: unverified

Confidence: 0%

Vulnerability Timeline

CVE Published

Jun 1, 2026

Discovered by ZDM

Jun 1, 2026

Updated: severity

Jun 2, 2026

Updated: activelyExploited, exploitAvailable

Jun 2, 2026

Actively Exploited

Jun 3, 2026

Exploit Available

Jun 3, 2026

Updated: tags

Jun 3, 2026

Version History

Last enriched 3d ago

v4Tier D3d ago

Updated description with more technical detail, added affected version 14, and included patch information for June 2026.