Key Vulnerability Information Summary Android Security Bulletin—December 2025 Release Date: December 2025 Security Patch Level: 2025-12-01 and 2025-12-05 Key Vulnerability Overview Framework Component Critical Vulnerabilities: - CVE-2025-40130: High severity, may lead to remote denial of service (DoS), no additional execution privileges required. - CVE-2025-4334: High severity, may lead to information disclosure. Google Play System Updates: No security issues addressed. 2025-12-01 Security Patch Level Vulnerability Details 1. Framework Component - CVE-2025-48631: High severity, may lead to denial of service (DoS). - CVE-2025-48574: High severity, may lead to information disclosure (ID). 2. System - CVE-2025-48572: High severity, may lead to local privilege escalation. - CVE-2025-48590: High severity, may lead to information disclosure. 3. Kernel - CVE-2025-48623: Critical, may lead to local privilege escalation (not limited to x86 architecture). - CVE-2025-48624: High severity, may lead to information disclosure. 2025-12-05 Security Patch Level Vulnerability Details Kernel - CVE-2025-48623: High severity, may lead to local privilege escalation. - CVE-2025-48634: High severity, may lead to denial of service. Arm Components - CVE-2025-6349: High severity, may lead to information disclosure. - CVE-2025-8045: High severity, may lead to information disclosure. Imagination Technologies Components - CVE-2025-6573: High severity, may lead to privilege escalation. MediaTek Components - CVE-2025-1780: High severity, may lead to information disclosure. - CVE-2025-1781: High severity, may lead to privilege escalation. Unisoc Components - CVE-2025-8661: High severity, may lead to information disclosure. - CVE-2025-8662: High severity, may lead to privilege escalation. Qualcomm Components - CVE-2025-1115: High severity, may lead to privilege escalation. - CVE-2025-1116: High severity, may lead to information disclosure.