Particle.news

Android Issues Two December Patch Levels as Active Zero‑Days Hit Versions 13–16

Google's confirmation of two targeted zero‑day exploits prompts immediate installation of the December patches.

Overview

  • Google's December 2025 Android Security Bulletin lists 61 AOSP fixes in patch level 2025-12-01, including a critical framework DoS flaw tracked as CVE-2025-48631 affecting Android 13 through 16.
  • Two vulnerabilities, CVE-2025-48633 for information disclosure and CVE-2025-48572 for privilege escalation, are confirmed as being actively exploited in limited, targeted attacks.
  • A second patch level, 2025-12-05, delivers Linux kernel and chipset vendor fixes, with critical issues noted in pKVM and updates spanning Arm Mali, Imagination PowerVR, MediaTek, Unisoc and Qualcomm components.
  • Samsung has begun rolling out its December package with 68 fixes, including 11 Samsung Vulnerability Exposures for Galaxy devices, and it is extending security updates by 12 months for the Galaxy Z Fold 3 and Flip 3.
  • Users are advised to check for and install patch levels 2025-12-01 and 2025-12-05 as they become available. Rollout timing varies by OEM under Google's model, which prioritizes high‑risk fixes monthly and delivers the remaining updates quarterly.
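
To act on the last point across more than one device, the sketch below is an added example (not from Google, Samsung or the article) that classifies reported security patch levels against the two December levels. The device names and inventory lines are constructed; `ro.build.version.security_patch` is the standard Android property holding the patch level, and a device reporting 2025-12-05 or later also carries the 2025-12-01 fixes.

```shell
#!/bin/sh
# Patch levels named in the bulletin summary above.
FRAMEWORK_LEVEL="2025-12-01"   # AOSP fixes
FULL_LEVEL="2025-12-05"        # adds Linux kernel and chipset vendor fixes

# Print the patch level of one attached device (needs adb; not called below).
device_patch_level() {
    adb shell getprop ro.build.version.security_patch | tr -d '\r'
}

# classify_patch_level LEVEL -> prints full, partial, missing or invalid.
classify_patch_level() {
    case $1 in
        [0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9]) ;;
        *) echo invalid; return 0 ;;
    esac
    # YYYY-MM-DD with the dashes removed compares correctly as an integer.
    n=$(echo "$1" | sed 's/-//g')
    fw=$(echo "$FRAMEWORK_LEVEL" | sed 's/-//g')
    full=$(echo "$FULL_LEVEL" | sed 's/-//g')
    if [ "$n" -ge "$full" ]; then echo full
    elif [ "$n" -ge "$fw" ]; then echo partial
    else echo missing
    fi
}

# audit_inventory: reads "device_id patch_level" lines on stdin and prints
# only the devices that still need an update, with what they lack.
audit_inventory() {
    while read -r id level; do
        [ -n "$id" ] || continue
        case $(classify_patch_level "$level") in
            full)    ;;
            partial) echo "$id $level lacks $FULL_LEVEL" ;;
            missing) echo "$id $level lacks $FRAMEWORK_LEVEL and $FULL_LEVEL" ;;
            invalid) echo "$id ${level:-none} patch level unreadable" ;;
        esac
    done
}

# Constructed inventory (hypothetical device names), e.g. an MDM export.
sample_inventory() {
    cat <<'EOF'
pixel-lab-01 2025-12-05
galaxy-sales-07 2025-12-01
tablet-kiosk-03 2025-11-05
handheld-wh-12 unknown
EOF
}

sample_inventory | audit_inventory
```

A device classified as partial has the framework fixes but not the kernel and chipset vendor fixes delivered in the second patch level.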