CVE-2025-48595

HIGH KEV

Google Android - Integer Overflow or Wraparound

Exploitation Summary

CVE-2025-48595 is actively exploited and listed in the CISA Known Exploited Vulnerabilities (KEV) catalog, added June 2, 2026. EIP tracks 2 public exploits from researchers including fevar54, HORKimhab.

AI-analyzed exploit summary: The repository contains a functional proof-of-concept for CVE-2025-48595, an integer overflow vulnerability in the Android Framework. It includes native code (C) and a Java-based PoC demonstrating the overflow, along with a verification script to check device vulnerability.

Description

In multiple locations, there is a possible way to achieve code execution due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Exploits (2)

github WORKING POC
by fevar54 · shell · poc
https://github.com/fevar54/CVE-2025-48595-Android-Framework-Integer-Overflow-

The repository contains a functional proof-of-concept for CVE-2025-48595, an integer overflow vulnerability in the Android Framework. It includes native code (C) and a Java-based PoC demonstrating the overflow, along with a verification script to check device vulnerability.

Classification: Working PoC 90%
Attack Type: LPE
Complexity: Moderate
Reliability: Reliable
Target: Android Framework (versions 14, 15, 16, 16-qpr2)
No auth needed
Prerequisites: Android device with vulnerable framework version · ability to execute native or Java code on the device
devstral-2 · analyzed Jun 10, 2026
nomisec STUB
by HORKimhab · poc
https://github.com/HORKimhab/CVE-2025-48595

The repository contains no functional exploit code, only a template structure with a README and LICENSE. It appears to be a placeholder for a future PoC.

Classification: Stub 95%
Attack Type: Other
Complexity: Trivial
Reliability: Theoretical
Target: unspecified
No auth needed
devstral-2 · analyzed Jun 03, 2026

Scores

CVSS v3 8.4
EPSS 0.0015
EPSS Percentile 4.5%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation active
Automatable no
Technical Impact total

Details

CISA KEV 2026-06-02
VulnCheck KEV 2026-06-01
ENISA EUVD EUVD-2025-210013
CWE CWE-190
Status published
Products (7)
google/android 14.0
google/android 15.0
google/android 16.0 (4 CPE variants)
Google/Android 14
Google/Android 15
Google/Android 16
Google/Android 16-qpr2
Published Jun 01, 2026
KEV Added Jun 02, 2026
Tracked Since Jun 02, 2026