Security
Android June 2026 bulletin patches 124 CVEs including actively exploited CVE-2025-48595
- Category: Security
- Status: confirmed
- Sources: Android Security Bulletin
- Summary: Google's June 2026 Android Security Bulletin patches 124 CVEs across two patch levels (2026-06-01 and 2026-06-05). CVE-2025-48595 (CVSS 8.4) is a privilege escalation in the Framework component requiring no user interaction, actively exploited in the wild. It affects Android 14, 15, 16, and 16 QPR2. Security patch level 2026-06-05 or later addresses all issues. 18 CVEs are rated critical.
- Why it matters: Any Android deployment that surfaces Framework-level APIs to untrusted content should prioritize the June update; CVE-2025-48595 requires no user interaction for privilege escalation.