Google issues December Android security updates, patches 107 flaws including two exploited in the wild

Google released its December 2025 security updates for the Android operating system on Monday, and said two vulnerabilities addressed by the patches have been exploited in the wild.

The update addresses a total of 107 security flaws spanning different components, including Framework, System and Kernel, as well as issues affecting Arm, Imagination Technologies, MediaTek, Qualcomm and Unisoc.

Google identified two high-severity issues reported as being exploited: CVE-2025-48633, an information disclosure in the Framework component, and CVE-2025-48572, a Framework elevation-of-privilege vulnerability. The company has not provided technical details about the attacks, their scale or attribution, and said there are indications the flaws may be under limited, targeted exploitation.

The bulletin also fixes a critical Framework vulnerability, CVE-2025-48631, which Google said could result in a remote denial-of-service condition without requiring additional execution privileges.

December’s security bulletin is published with two patch levels, 2025-12-01 and 2025-12-05, giving device manufacturers flexibility to deploy a subset of fixes more quickly. Users are advised to install the latest patch level when it becomes available for their devices.
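A device reports its patch level in the `ro.build.version.security_patch` system property, which makes the two-level scheme straightforward to audit across a fleet. The script below is an added example, not code from Google or the bulletin; the function names and the sample inventory are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify Android security patch levels against the two
# December 2025 levels named in the article. Inventory data is constructed.

PARTIAL_LEVEL="2025-12-01"   # first level: a subset of the bulletin's fixes
FULL_LEVEL="2025-12-05"      # second level: the complete set of fixes

# Turn YYYY-MM-DD into an integer (20251205) so levels compare numerically.
level_to_int() {
    printf '%s' "$1" | tr -d '-'
}

# Print one of: full, partial, missing, invalid.
classify_patch_level() {
    case "$1" in
        [0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9]) ;;
        *) echo invalid; return 0 ;;   # empty or malformed value
    esac
    lvl=$(level_to_int "$1")
    if [ "$lvl" -ge "$(level_to_int "$FULL_LEVEL")" ]; then
        echo full
    elif [ "$lvl" -ge "$(level_to_int "$PARTIAL_LEVEL")" ]; then
        echo partial
    else
        echo missing
    fi
}

# Read "serial level" lines on stdin and print "serial status" for every
# device that does not carry the complete December 2025 patch level.
audit_inventory() {
    while read -r serial level; do
        [ -n "$serial" ] || continue
        status=$(classify_patch_level "$level")
        [ "$status" = full ] || echo "$serial $status"
    done
}

# Constructed sample inventory (serial, reported patch level).
SAMPLE_INVENTORY='dev-a 2025-12-05
dev-b 2025-12-01
dev-c 2025-09-05
dev-d unknown
dev-e 2026-01-01'

# On a live device the level would come from:
#   adb shell getprop ro.build.version.security_patch
printf '%s\n' "$SAMPLE_INVENTORY" | audit_inventory
```

Devices flagged `partial` have the first patch level only, and `invalid` entries usually mean the property could not be read and should be checked by hand.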

The release follows fixes issued three months earlier for two actively exploited flaws in the Linux kernel (CVE-2025-38352) and Android Runtime (CVE-2025-48543) that could lead to local privilege escalation.