CISA adds Android Framework vulnerabilities to KEV catalog
Two Android Framework issues — one enabling privilege escalation and another allowing information disclosure — were added to the Known Exploited Vulnerabilities (KEV) Catalog after evidence of active exploitation, and are identified as posing risks to the federal enterprise.
The catalog entries are listed as CVE-2025-48572, noted as an Android Framework Privilege Escalation Vulnerability, and CVE-2025-48633, noted as an Android Framework Information Disclosure Vulnerability.
The advisory states these types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose risks to the federal enterprise.
Binding Operational Directive (BOD) 22-01 established the KEV Catalog as a living list of known Common Vulnerabilities and Exposures (CVE) and requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats.
Although BOD 22-01 applies only to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of KEV Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the catalog that meet the specified criteria.