Part of Lyceum Intelligence — deep-research In Focus reports

[KEV] CVE-2025-48595 -- CVSS 0.0 Vulnerability Briefing

[KEV] CVE-2025-48595 | CVSS 0.0 (Low) | Exploit: Operational

What Is It

CVE-2025-48595 is an integer overflow vulnerability in the Android Framework component that enables local privilege escalation on affected Android devices.

Technical Detail

The flaw resides in the Android Framework and stems from improper handling of integer arithmetic, where an overflow condition can be triggered by a locally executing application or process. A successful exploit allows an attacker to execute arbitrary code in a higher-privilege context, effectively escalating from a lower-privileged user or application sandbox to a more trusted system level. The practical impact is local privilege escalation, which in a chained attack scenario can serve as a stepping stone to full device compromise.

Exploitation Status

CISA has confirmed active exploitation in the wild, with this vulnerability added to the Known Exploited Vulnerabilities catalog on June 2, 2026. The exploit maturity is rated Operational, meaning a functional exploit capable of reliable use against real targets exists and has been observed in active attack scenarios, not merely as a proof-of-concept.

Who Is Targeting This

No confirmed, ATTAX-verified threat actor attribution is available at this time. Reported attribution carries medium confidence but no specific actor name, origin, or motivation has been publicly identified. No campaigns or targeted sectors have been associated with this vulnerability in available intelligence.

What To Do

Organizations and individuals running Android devices should apply the relevant Android security patch immediately. Per CISA's Known Exploited Vulnerabilities catalog listing, federal agencies operating under BOD 22-01 are required to remediate this vulnerability by the applicable deadline tied to the June 2, 2026 KEV addition. Device administrators should prioritize patching Android endpoints, particularly those used in enterprise or government environments. Until patching is complete, restrict installation of untrusted applications and enforce application allowlisting where possible. Monitor for anomalous privilege escalation activity or unexpected process execution at elevated privilege levels on Android endpoints.
