CVE-2025-48595
Published: 01 June 2026
Summary
CVE-2025-48595 is a high-severity Integer Overflow or Wraparound (CWE-190) vulnerability in Google Android. Its CVSS base score is 8.4 (High).
Operationally, it ranks in the top 25.4% of CVEs by exploit likelihood, and CISA has added it to the Known Exploited Vulnerabilities catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-2 (Flaw Remediation) and SI-10 (Information Input Validation).
Deeper analysis
CVE-2025-48595 is an integer overflow vulnerability, tracked as CWE-190, that exists in multiple locations and can enable code execution. The issue affects the Android operating system and is rated 8.4 under CVSS 3.1, with the vector AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H.
A local attacker can exploit the flaw without user interaction or additional execution privileges to achieve escalation of privilege and full code execution on the device. The absence of required privileges or user actions lowers the bar for successful exploitation in environments where an attacker already has local access.
The vulnerability is covered in the Android security bulletin of June 1, 2026, which provides the corresponding patches. It is also listed in the CISA Known Exploited Vulnerabilities catalog, so timely application of those updates is required for affected systems.
The current EPSS score stands at 0.0053.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-210013
Vulnerability details
In multiple locations, there is a possible way to achieve code execution due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
- CWE(s): CWE-190 (Integer Overflow or Wraparound)
- KEV Date Added: 02 June 2026
Mitigating Controls (NIST 800-53 r5)
- SI-2 (Flaw Remediation): directly requires timely installation of the security patches that eliminate the integer-overflow flaw described in the Android bulletin and the CISA KEV entry.
- SI-10 (Information Input Validation): mandates input validation and bounds checking that would have prevented the integer overflow leading to code execution.
- SI-16 (Memory Protection): requires memory-protection mechanisms that can block exploitation of the overflow for unauthorized code execution and privilege escalation.