Android CVE-2025-48595: patch now, active
Google's June 2026 Android Security Bulletin includes CVE-2025-48595, an integer overflow in Framework that enables local privilege escalation. Google confirms active targeted exploitation. CISA added it to KEV on June 2 with a federal remediation deadline of June 5.