CISA warns of active attacks exploiting Android, Linux bugs

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) is warning that hackers are exploiting vulnerabilities in the Linux kernel and Android operating system.

The most recent flaw the agency added to its Known Exploited Vulnerabilities (KEV) catalog, CVE-2025-48595, is a high-severity integer overflow vulnerability in the Android Framework, which can be leveraged for increased privileges.

According to Google’s recent security bulletin, the security issue impacts Android 14 through 16, and requires no user interaction to exploit.

Google indicated that CVE-2025-48595 may be under limited targeted exploitation in the wild, but provided no specific details about the activity or technical information about the flaw or the incidents.

The issue has been addressed with the release of June 2026 security patches (2026-06-01 and 2026-06-05 security patch levels).