CISA Warns of Two Actively Exploited Android Vulnerabilities

CISA has added two critical Android vulnerabilities—**CVE-2025-48572** (privilege escalation) and **CVE-2025-48633** (information disclosure)—to its **Known Exploited Vulnerabilities (KEV) Catalog** due to evidence of active exploitation. Federal agencies must patch immediately, while all organizations are urged to prioritize remediation to reduce cyberattack risks.

---
title: "CISA Warns of Two Actively Exploited Android Vulnerabilities"
short_title: "CISA adds two critical Android flaws to KEV catalog"
description: "CISA has added two actively exploited Android vulnerabilities (CVE-2025-48572, CVE-2025-48633) to its KEV catalog. Learn about the risks and mitigation steps."
author: "Vitus"
date: 2025-01-24
categories: [Cybersecurity, Vulnerabilities]
tags: [cisa, android, cve-2025-48572, cve-2025-48633, privilege-escalation]
score: 0.85
cve_ids: [CVE-2025-48572, CVE-2025-48633]
---


Main Content

The Cybersecurity and Infrastructure Security Agency (CISA) has escalated its response to two newly discovered Android vulnerabilities after confirming their active exploitation in the wild. These flaws, now listed in the Known Exploited Vulnerabilities (KEV) Catalog, pose significant risks to both federal and private sector networks. Timely remediation is critical to mitigating potential attacks.

Key Points


- CVE-2025-48572: A privilege escalation vulnerability in the Android Framework that could allow attackers to gain elevated permissions on a compromised device.
- CVE-2025-48633: An information disclosure vulnerability in the Android Framework that may expose sensitive data to unauthorized users.
- Binding Operational Directive (BOD) 22-01: Requires federal agencies to remediate these vulnerabilities by a specified deadline to protect against active threats.
- Broader Impact: While BOD 22-01 applies only to federal agencies, CISA urges all organizations to prioritize patching these vulnerabilities to reduce exposure to cyberattacks.

---

Technical Details

#### CVE-2025-48572: Android Framework Privilege Escalation Vulnerability
This flaw allows attackers to exploit weaknesses in the Android Framework to escalate privileges on a targeted device. Once exploited, malicious actors can bypass security restrictions, install unauthorized applications, or gain access to sensitive system functions. The vulnerability is particularly dangerous because it can be chained with other exploits to amplify an attack’s impact.

#### CVE-2025-48633: Android Framework Information Disclosure Vulnerability
This vulnerability enables attackers to access sensitive information stored on an Android device without proper authorization. Exposed data may include personal details, credentials, or system configurations, which could be leveraged for further attacks, such as phishing or identity theft.

---

Impact Assessment

#### For Federal Agencies
Under BOD 22-01, Federal Civilian Executive Branch (FCEB) agencies are required to remediate these vulnerabilities by the specified due date. Failure to comply could leave networks vulnerable to cyber threats, including data breaches, espionage, or disruptive attacks.

#### For Private Organizations
While BOD 22-01 does not legally bind private entities, the inclusion of these vulnerabilities in the KEV Catalog signals their severity. Organizations that delay patching risk:
- Data breaches leading to financial or reputational damage.
- Unauthorized access to corporate networks or customer data.
- Ransomware or malware infections if attackers exploit these flaws as entry points.

---

Mitigation Steps

1. Immediate Patching: Apply the latest security updates provided by Android or device manufacturers to address CVE-2025-48572 and CVE-2025-48633.
2. Vulnerability Scanning: Use automated tools to identify devices or systems that remain unpatched.
3. Network Segmentation: Isolate critical systems to limit the spread of potential attacks.
4. Monitoring and Detection: Deploy intrusion detection systems (IDS) to identify suspicious activity linked to these vulnerabilities.
5. User Awareness: Educate employees and users about the risks of phishing or social engineering attacks that may exploit these flaws.
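
For steps 1 and 2, a fleet check can be scripted against the KEV feed and a device inventory. The sketch below is an added example, not code from CISA or Google. It assumes a catalog in the shape of CISA's KEV JSON feed and an inventory that records each device's Android security patch level; the dates, device names and `REQUIRED_PATCH_LEVEL` are constructed placeholders.

```python
import json
from datetime import date

# Constructed sample shaped like CISA's KEV JSON feed (field names as in the
# feed); the dates are placeholders, not the catalog's real values.
KEV_SAMPLE = json.loads("""{"vulnerabilities": [
  {"cveID": "CVE-2025-48572", "dateAdded": "2030-06-02", "dueDate": "2030-06-23"},
  {"cveID": "CVE-2025-48633", "dateAdded": "2030-06-02", "dueDate": "2030-06-23"},
  {"cveID": "CVE-0000-00000", "dateAdded": "2030-01-01", "dueDate": "2030-01-22"}
]}""")

# Placeholder: take the real value from the vendor bulletin that fixes both CVEs.
REQUIRED_PATCH_LEVEL = date(2030, 6, 1)

# Constructed inventory; "patch" is what ro.build.version.security_patch reports.
DEVICES = [
    {"id": "phone-01", "patch": "2030-06-01"},
    {"id": "phone-02", "patch": "2030-05-05"},
    {"id": "tablet-07", "patch": ""},            # MDM returned nothing
    {"id": "kiosk-03", "patch": "2030-13-40"},   # malformed value
]

def earliest_due(catalog, cve_ids):
    """Earliest KEV due date among the given CVEs; KeyError if one is not listed."""
    listed = {v["cveID"]: date.fromisoformat(v["dueDate"])
              for v in catalog["vulnerabilities"]}
    return min(listed[c] for c in cve_ids)

def triage(devices, required, due, today):
    """Map device id -> patched / unpatched / overdue / unknown."""
    result = {}
    for d in devices:
        try:
            level = date.fromisoformat(d["patch"])
        except (ValueError, KeyError, TypeError):
            result[d["id"]] = "unknown"   # fail closed: needs manual follow-up
            continue
        if level >= required:
            result[d["id"]] = "patched"
        else:
            result[d["id"]] = "overdue" if today > due else "unpatched"
    return result

if __name__ == "__main__":
    due = earliest_due(KEV_SAMPLE, ["CVE-2025-48572", "CVE-2025-48633"])
    report = triage(DEVICES, REQUIRED_PATCH_LEVEL, due, date(2030, 6, 10))
    for dev, status in report.items():
        print(dev, status)
```

Devices whose patch level is missing or unparsable are reported as `unknown` rather than assumed patched, so they surface for manual review.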

---

Conclusion

The addition of CVE-2025-48572 and CVE-2025-48633 to CISA’s KEV Catalog underscores the urgency of addressing actively exploited vulnerabilities. While federal agencies face mandatory remediation deadlines, all organizations must prioritize patching to safeguard their systems. Proactive vulnerability management is essential to staying ahead of cyber threats in an increasingly hostile digital landscape.

For more details, refer to CISA’s [official advisory](https://www.cisa.gov/news-events/alerts/2025/12/02/cisa-adds-two-known-exploited-vulnerabilities-catalog).
