SB2025120164 - Multiple vulnerabilities in Google Android
Published: December 1, 2025
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 51 secuirty vulnerabilities.
1) Improper input validation (CVE-ID: CVE-2025-48536)
The vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to improper input validation within the System component. A local application can execute arbitrary code.
2) Exposure of sensitive information to an unauthorized actor (CVE-ID: CVE-2025-48628)
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to improper input validation within the Framework component. A local application can gain access to sensitive information.
3) Exposure of sensitive information to an unauthorized actor (CVE-ID: CVE-2025-48633)
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to improper input validation within the Framework component. A local application can gain access to sensitive information.
Note, the vulnerability is being actively exploited in the wild.
4) Improper input validation (CVE-ID: CVE-2025-48576)
The vulnerability allows a local application to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the Framework component. A local application can perform a denial of service (DoS) attack.
5) Improper input validation (CVE-ID: CVE-2025-48584)
The vulnerability allows a local application to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the Framework component. A local application can perform a denial of service (DoS) attack.
6) Improper input validation (CVE-ID: CVE-2025-48590)
The vulnerability allows a local application to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the Framework component. A local application can perform a denial of service (DoS) attack.
7) Improper input validation (CVE-ID: CVE-2025-48603)
The vulnerability allows a local application to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the Framework component. A local application can perform a denial of service (DoS) attack.
8) Improper input validation (CVE-ID: CVE-2025-48607)
The vulnerability allows a local application to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the Framework component. A local application can perform a denial of service (DoS) attack.
9) Improper input validation (CVE-ID: CVE-2025-48614)
The vulnerability allows a local application to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the Framework component. A local application can perform a denial of service (DoS) attack.
10) Improper input validation (CVE-ID: CVE-2023-40130)
The vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to improper input validation within the System component. A local application can execute arbitrary code.
11) Improper input validation (CVE-ID: CVE-2025-48566)
The vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to improper input validation within the System component. A local application can execute arbitrary code.
12) Exposure of sensitive information to an unauthorized actor (CVE-ID: CVE-2025-48591)
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to improper input validation within the Framework component. A local application can gain access to sensitive information.
13) Improper input validation (CVE-ID: CVE-2025-48575)
The vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to improper input validation within the System component. A local application can execute arbitrary code.
14) Improper input validation (CVE-ID: CVE-2025-48586)
The vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to improper input validation within the System component. A local application can execute arbitrary code.
15) Improper input validation (CVE-ID: CVE-2025-48598)
The vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to improper input validation within the System component. A local application can execute arbitrary code.
16) Improper input validation (CVE-ID: CVE-2025-48599)
The vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to improper input validation within the System component. A local application can execute arbitrary code.
17) Improper input validation (CVE-ID: CVE-2025-48612)
The vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to improper input validation within the System component. A local application can execute arbitrary code.
18) Improper input validation (CVE-ID: CVE-2025-48626)
The vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to improper input validation within the System component. A local application can execute arbitrary code.
19) Exposure of sensitive information to an unauthorized actor (CVE-ID: CVE-2025-48555)
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to improper input validation within the System component. A local application can gain access to sensitive information.
20) Exposure of sensitive information to an unauthorized actor (CVE-ID: CVE-2025-48600)
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to improper input validation within the System component. A local application can gain access to sensitive information.
21) Exposure of sensitive information to an unauthorized actor (CVE-ID: CVE-2025-48604)
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to improper input validation within the System component. A local application can gain access to sensitive information.
22) Exposure of sensitive information to an unauthorized actor (CVE-ID: CVE-2025-48622)
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to improper input validation within the System component. A local application can gain access to sensitive information.
23) Exposure of sensitive information to an unauthorized actor (CVE-ID: CVE-2025-48592)
The vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists due to improper input validation within the Framework component. A local application can gain access to sensitive information.
24) Improper input validation (CVE-ID: CVE-2025-48639)
The vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to improper input validation within the Framework component. A local application can execute arbitrary code.
25) Improper input validation (CVE-ID: CVE-2025-48631)
The vulnerability allows a local application to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the Framework component. A local application can perform a denial of service (DoS) attack.
26) Improper input validation (CVE-ID: CVE-2025-48588)
The vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to improper input validation within the Framework component. A local application can execute arbitrary code.
27) Improper input validation (CVE-ID: CVE-2025-22420)
The vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to improper input validation within the Framework component. A local application can execute arbitrary code.
28) Improper input validation (CVE-ID: CVE-2025-32319)
The vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to improper input validation within the Framework component. A local application can execute arbitrary code.
29) Improper input validation (CVE-ID: CVE-2025-32328)
The vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to improper input validation within the Framework component. A local application can execute arbitrary code.
30) Improper input validation (CVE-ID: CVE-2025-32329)
The vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to improper input validation within the Framework component. A local application can execute arbitrary code.
31) Improper input validation (CVE-ID: CVE-2025-48525)
The vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to improper input validation within the Framework component. A local application can execute arbitrary code.
32) Improper input validation (CVE-ID: CVE-2025-48564)
The vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to improper input validation within the Framework component. A local application can execute arbitrary code.
33) Improper input validation (CVE-ID: CVE-2025-48565)
The vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to improper input validation within the Framework component. A local application can execute arbitrary code.
34) Improper input validation (CVE-ID: CVE-2025-48572)
The vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to improper input validation within the Framework component. A local application can execute arbitrary code.
Note, the vulnerability is being actively exploited in the wild.
35) Improper input validation (CVE-ID: CVE-2025-48573)
The vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to improper input validation within the Framework component. A local application can execute arbitrary code.
36) Improper input validation (CVE-ID: CVE-2025-48580)
The vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to improper input validation within the Framework component. A local application can execute arbitrary code.
37) Improper input validation (CVE-ID: CVE-2025-48583)
The vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to improper input validation within the Framework component. A local application can execute arbitrary code.
38) Improper input validation (CVE-ID: CVE-2025-48589)
The vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to improper input validation within the Framework component. A local application can execute arbitrary code.
39) Improper input validation (CVE-ID: CVE-2025-48632)
The vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to improper input validation within the Framework component. A local application can execute arbitrary code.
40) Improper input validation (CVE-ID: CVE-2025-48594)
The vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to improper input validation within the Framework component. A local application can execute arbitrary code.
41) Improper input validation (CVE-ID: CVE-2025-48596)
The vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to improper input validation within the Framework component. A local application can execute arbitrary code.
42) Improper input validation (CVE-ID: CVE-2025-48597)
The vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to improper input validation within the Framework component. A local application can execute arbitrary code.
43) Improper input validation (CVE-ID: CVE-2025-48601)
The vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to improper input validation within the Framework component. A local application can execute arbitrary code.
44) Improper input validation (CVE-ID: CVE-2025-48615)
The vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to improper input validation within the Framework component. A local application can execute arbitrary code.
45) Improper input validation (CVE-ID: CVE-2025-48617)
The vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to improper input validation within the Framework component. A local application can execute arbitrary code.
46) Improper input validation (CVE-ID: CVE-2025-48618)
The vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to improper input validation within the Framework component. A local application can execute arbitrary code.
47) Improper input validation (CVE-ID: CVE-2025-48620)
The vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to improper input validation within the Framework component. A local application can execute arbitrary code.
48) Improper input validation (CVE-ID: CVE-2025-48621)
The vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to improper input validation within the Framework component. A local application can execute arbitrary code.
49) Improper input validation (CVE-ID: CVE-2025-48627)
The vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to improper input validation within the Framework component. A local application can execute arbitrary code.
50) Improper input validation (CVE-ID: CVE-2025-48629)
The vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to improper input validation within the Framework component. A local application can execute arbitrary code.
51) Improper input validation (CVE-ID: CVE-2025-22432)
The vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to improper input validation within the System component. A local application can execute arbitrary code.
Remediation
Install update from vendor's website.