KEVIntel
CVSS 8.4 High

CVE-2025-48595

PUBLISHED

Exploited in the wild · Low complexity · No user interaction
Vendor: Google
Product: Android
Published: Jun 01, 2026
EPSS: 0.0% · 0% pctl

Description

In multiple locations, there is a possible way to achieve code execution due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

android manual

CVSS scores

CVSS v3.1 8.4 High

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitation status

Exploited in the wild

Recorded 2026-06-02 12:15:00 UTC

SSVC decision points

Exploitation: none
Automatable: No
Technical impact: total

Known exploited vulnerability sources

Catalogues that list this CVE as a known exploited vulnerability.

Source Added
CyberInsider Jun 02, 2026
Manual Jun 02, 2026

Recent mentions

Android June 2026 update patches actively exploited zero-day

CyberInsider · Jun 02, 2026

Google has released the June 2026 Android security updates, addressing dozens of vulnerabilities across the mobile operating system, including a high-severity zero-day flaw that is under active, targeted exploitation. The update also fixes multiple critical privilege-escalation and denial-of-service vulnerabilities affecting core Android components. The actively exploited vulnerability is tracked as CVE-2025-48595, an elevation-of-privilege (EoP) flaw …

Timeline

  • CVE ID Reserved

  • CVE Published to Public

  • Added to KEVIntel

  • Added to KEVIntel