8.4

CVE-2025-48595

Warning
Media report
In multiple locations, there is a possible way to achieve code execution due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Data is provided by the National Vulnerability Database (NVD)
GoogleAndroid Version14.0
GoogleAndroid Version15.0
GoogleAndroid Version16.0 Update-
GoogleAndroid Version16.0 Updateqpr2_beta_1
GoogleAndroid Version16.0 Updateqpr2_beta_2
GoogleAndroid Version16.0 Updateqpr2_beta_3
VulnDex Vulnerability Enrichment
This information is available to logged-in users. Login Login

02.06.2026: CISA Known Exploited Vulnerabilities (KEV) Catalog

Android Framework Integer Overflow Vulnerability

Vulnerability

Android Framework contains an integer overflow vulnerability that allows for code execution that could allow for local privilege escalation.

Description

Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Required actions
EPSS Metrics
Type Source Score percentile
EPSS FIRST.org 0.53% 0.675
CVSS Metrics
Source Base Score Exploit Score Impact Score Vector string
134c704f-9b21-4f2e-91b3-4a467353bcc0 8.4 2.5 5.9
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CWE-190 Integer Overflow or Wraparound

The product performs a calculation that can produce an integer overflow or wraparound when the logic assumes that the resulting value will always be larger than the original value. This occurs when an integer value is incremented to a value that is too large to store in the associated representation. When this occurs, the value may become a very small or negative number.

Für Zugriff zu Vulnerablity Intelligence ist ein VulnDex Zugang erforderlich.
Media Report
08.06.2026 16:25
Für Zugriff zu Vulnerablity Intelligence ist ein VulnDex Zugang erforderlich.
Media Report
05.06.2026 12:52
Für Zugriff zu Vulnerablity Intelligence ist ein VulnDex Zugang erforderlich.
Media Report
05.06.2026 12:51
Für Zugriff zu Vulnerablity Intelligence ist ein VulnDex Zugang erforderlich.
Media Report
05.06.2026 12:48
https://source.android.com/docs/security/bulletin/2026/2026-06-01
Vendor Advisory
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-48595
US Government Resource