CVE-2025-48595

Warning

Media report

EPSS 0.53%
Published 01.06.2026 21:14:49
Last modified 02.06.2026 20:19:29
Source security@android.com
CVE watchlists
Login
Open
Login

In multiple locations, there is a possible way to achieve code execution due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Affected products Warnungen 1 Metrics 2 CWE 1 References 9

NVD 6 VulnDex Vulnerability Enrichment 1

Data is provided by the National Vulnerability Database (NVD)

Google ≫ Android Version14.0

Google ≫ Android Version15.0

Google ≫ Android Version16.0 Update-

Google ≫ Android Version16.0 Updateqpr2_beta_1

Google ≫ Android Version16.0 Updateqpr2_beta_2

Google ≫ Android Version16.0 Updateqpr2_beta_3

VulnDex Vulnerability Enrichment

This information is available to logged-in users.

02.06.2026: CISA Known Exploited Vulnerabilities (KEV) Catalog

Android Framework Integer Overflow Vulnerability

Vulnerability

Android Framework contains an integer overflow vulnerability that allows for code execution that could allow for local privilege escalation.

Description

Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Required actions

EPSS Metrics
Type	Source	Score	percentile
EPSS	FIRST.org	0.53%	0.675

CVSS Metrics
Source	Base Score	Exploit Score	Impact Score	Vector string
134c704f-9b21-4f2e-91b3-4a467353bcc0	8.4	2.5	5.9	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-190 Integer Overflow or Wraparound

The product performs a calculation that can produce an integer overflow or wraparound when the logic assumes that the resulting value will always be larger than the original value. This occurs when an integer value is incremented to a value that is too large to store in the associated representation. When this occurs, the value may become a very small or negative number.

Für Zugriff zu Vulnerablity Intelligence ist ein VulnDex Zugang erforderlich.

Media Report

08.06.2026 16:25

Für Zugriff zu Vulnerablity Intelligence ist ein VulnDex Zugang erforderlich.

Media Report

05.06.2026 12:52

Für Zugriff zu Vulnerablity Intelligence ist ein VulnDex Zugang erforderlich.

Media Report

05.06.2026 12:51

Für Zugriff zu Vulnerablity Intelligence ist ein VulnDex Zugang erforderlich.

Media Report

05.06.2026 12:48

https://source.android.com/docs/security/bulletin/2026/2026-06-01

Vendor Advisory

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-48595

US Government Resource

https://nvd.nist.gov/vuln/detail/CVE-2025-48595

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-48595

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-48595

EUVD

Team-oriented vulnerability management platformTeam-oriented vulnerability management

Platform features

CVE-2025-48595

02.06.2026: CISA Known Exploited Vulnerabilities (KEV) Catalog