Zero-Click Alert: Google Patches Critical Android Flaw Allowing Remote Code Execution
Google has issued an urgent warning about a critical vulnerability in Android that allows attackers to execute arbitrary code on a device without any user interaction. The zero-click vulnerability, found in core system components, is detailed in the Android Security Bulletin for November 2025.
The flaw, identified as CVE-2025-48593, carries Google's highest severity rating, Critical. It affects multiple versions of the Android Open Source Project (AOSP), from Android 13 through 16, and can be exploited for remote code execution (RCE) with no additional execution privileges and no user interaction.
The bulletin itself gives no exploitation details beyond the component and severity. Plausible paths are specially crafted network traffic reaching a System service, or a malicious app distributed through third-party stores and sideloading. Only the first is a genuine zero-click path; an app-based route still needs the victim to install the app. A successful attack gives the attacker code execution on the device, enough for data theft, ransomware deployment, or conscription into a botnet. Internally, the issue is tracked as Android bug ID A-374746961 and has already been patched in the latest AOSP builds.
The root cause is described as improper handling within System processes, allowing arbitrary code to be injected during routine operations such as app launches or background data synchronization. Researchers note that its characteristics resemble earlier memory corruption flaws that have been used for privilege escalation on Android devices.
The bulletin also lists a second, high-severity issue, CVE-2025-48581, an elevation-of-privilege (EoP) vulnerability in the same System component. Unlike the RCE flaw, it requires code already running on the device, for example a malicious app, so it is a local rather than a remote vector; but it could let such an app gain unauthorized control over sensitive device functions.
Devices running Android 10 and newer are eligible to receive the security update, while users of older models may remain unprotected if manufacturers delay patch distribution. Google urges all users to check for updates promptly under Settings → System → System Update and to confirm that their security patch level is 2025-11-01 or later, which addresses both issues in this bulletin.
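For anyone responsible for more than one handset, the Settings screen does not scale. The script below is an added example, not code from Google or from this article: it reads the same patch level the Settings screen shows from the real system property `ro.build.version.security_patch` (format YYYY-MM-DD) over `adb shell getprop`, and compares it with the 2025-11-01 baseline from the bulletin. It assumes `adb` is on the PATH and each device is authorized for USB debugging; the `is_patched`, `check_device` and `check_fleet` function names are this example's own.

```shell
#!/bin/sh
# Added example: verify Android security patch level against the
# 2025-11-01 baseline from the November 2025 Android Security Bulletin.
# Assumes adb is installed and the devices are authorised for debugging.

BASELINE="2025-11-01"

# is_patched PATCH_LEVEL
#   returns 0 if PATCH_LEVEL is on or after BASELINE,
#           1 if it is older,
#           2 if the value is empty or not a YYYY-MM-DD date.
# Dates in YYYY-MM-DD order correctly as plain integers once the
# dashes are removed, so no date library is needed.
is_patched() {
    level=$(printf '%s' "$1" | tr -d '-')
    base=$(printf '%s' "$BASELINE" | tr -d '-')
    case "$level" in
        ''|*[!0-9]*) return 2 ;;      # empty or malformed property
    esac
    [ "$level" -ge "$base" ]
}

# check_device SERIAL
#   queries one device and prints a one-line verdict.
check_device() {
    serial=$1
    # getprop output ends in CRLF on some adb builds; strip both.
    level=$(adb -s "$serial" shell getprop ro.build.version.security_patch | tr -d '\r\n')
    if is_patched "$level"; then
        echo "$serial patch level $level: OK (>= $BASELINE)"
    else
        echo "$serial patch level ${level:-unknown}: MISSING the 2025-11-01 fixes"
    fi
}

# check_fleet
#   runs check_device for every device 'adb devices' reports as online.
check_fleet() {
    adb devices | awk 'NR > 1 && $2 == "device" { print $1 }' | while read -r s; do
        check_device "$s"
    done
}

# Usage: sh check_patch.sh fleet
if [ "${1:-}" = "fleet" ]; then
    check_fleet
fi
```

A device reporting a patch level of, say, 2025-10-05 is still exposed to CVE-2025-48593 even if it has received other updates since, because the fix ships only with the 2025-11-01 level or later.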
Although Google reports no evidence of in-the-wild exploitation, it warns that the vulnerability poses an exceptional risk to government officials, journalists, and public figures, who are frequent targets of sophisticated espionage campaigns. Android fragmentation remains one of the ecosystem's most pressing challenges, making timely vendor response critical to user safety. Experts recommend enabling automatic updates and avoiding app installations from unverified sources; note, however, that the latter only blocks the app-based route and does nothing against a network-delivered zero-click exploit, which patching alone addresses.