Critical Android Framework Vulnerability Actively Exploited, CISA Issues Emergency Warning The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added CVE-2025-48595 to its Known Exploited Vulnerabilities (KEV) catalog, confirming active exploitation of a severe integer overflow flaw in the Android Framework. The vulnerability, classified as CWE-190, allows attackers to execute arbitrary code and escalate local privileges on affected devices, potentially granting system-level access without user interaction. The flaw resides in the Android Framework layer, the core set of APIs and services underpinning Android applications. When triggered, the integer overflow enables local privilege escalation, meaning a low-privileged app or attacker with physical or local access can bypass security controls and execute malicious code in a higher-privileged context. While no ransomware links have been confirmed, the active exploitation status elevates the threat level for government and enterprise environments. CISA added the vulnerability to the KEV catalog on June 2, 2026, with a remediation deadline of June 23, 2026 a three-week window for federal agencies to apply mitigations. Under Binding Operational Directive (BOD) 22-01, all Federal Civilian Executive Branch (FCEB) agencies must address KEV-listed vulnerabilities within the specified timeframe. The vulnerability impacts a wide range of Android versions, including: - Android 14 - Android 15 - Android 16 - Android 16-QPR2 (Quarterly Platform Release 2) Enterprises managing Android fleets, MDM environments, BYOD deployments, and industrial/kiosk systems are at heightened risk due to the potential for local code execution. CISA recommends immediate action, including: - Applying vendor patches via OEM channels or Google’s Android Security Bulletin - Following BOD 22-01 guidance for cloud-connected and enterprise deployments - Discontinuing use of unpatched devices if mitigations cannot be applied in time - Restricting sideloading and enforcing strict app installation policies Organizations are advised to prioritize patch deployment through MDM platforms and verify device compliance with the latest security updates.