CVE-2025-48595

Analyzed
Published: 01 Jun 2026, 21:14
Last modified:02 Jun 2026, 19:58

Vulnerability Summary

Overall Risk (default)
medium
34/100
CVSS Score
8.4 HIGH
v3.1 (cve.org)
EPSS Score
<0.01% LOW
0% probability
KEV
Listed
CISA
1 listing
Ransomware
No reports
Public exploits
None found
Dark Web
Not detected

Timeline

01 Jun 2026, 21:14
Published
Vulnerability first disclosed
02 Jun 2026, 00:00
Added to CISA KEV
Android Framework Integer Overflow Vulnerability
02 Jun 2026, 19:58
Last Modified
Vulnerability information updated
05 Jun 2026, 00:00
CISA Remediation Due
Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Description

In multiple locations, there is a possible way to achieve code execution due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

CVSS Metrics

  • v3.1HIGHScore: 8.4CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS Trends

Current EPSS score: 0.01% Percentile: 0%

Techniques & Countermeasures

  • CWE-190Integer Overflow or Wraparound

    The product performs a calculation that can produce an integer overflow or wraparound when the logic assumes that the resulting value will always be larger than the original value. This occurs when an integer value is incremented to a value that is too large to store in the associated representation. When this occurs, the value may become a very small or negative number.

Affected Systems

  • googleandroid

    16-qpr2 | 16 | 15 | 14 | 14.0 | 15.0 | 16.0 | 16.0:qpr2_beta_1 | 16.0:qpr2_beta_2 | 16.0:qpr2_beta_3

References (2)