The vulnerability, identified as CVE-2025-48543, is a high-severity issue that could allow attackers to gain elevated control over affected devices.
On Thursday, September 4, 2025, CISA added the vulnerability to its Known Exploited Vulnerabilities (KEV) catalog, signaling a confirmed and ongoing threat to users.
The vulnerability is described as a use-after-free vulnerability within the Android Runtime (ART), the core component responsible for executing applications on Android devices.
A malicious actor can exploit this type of memory corruption bug to bypass the robust security confines of the Chrome browser sandbox, resulting in local privilege escalation.
A successful exploit would effectively grant an attacker higher-level permissions on the device, transforming a low-privilege compromise into a significant system-wide breach. This could enable them to install persistent malware, access sensitive user data, or take further control of the compromised device.
According to the information released by CISA, the specific threat actors or the nature of the campaigns leveraging this exploit, such as its use in ransomware attacks, are currently unknown.
However, the inclusion in the KEV catalog confirms that security researchers have observed active exploitation in the wild, meaning attackers were using the flaw before a patch was publicly available.
In response to the active threat, CISA has issued a binding operational directive to all Federal Civilian Executive Branch (FCEB) agencies. These agencies are required to apply the necessary mitigations as instructed by the vendor by a deadline of September 25, 2025.
If patches are not available, agencies are instructed to discontinue the use of the product to prevent potential compromise.
Google has addressed the vulnerability in its September 2025 Android Security Bulletin, released on September 1. CISA’s advisory urges all organizations, as well as individual Android users, to prioritize installing this security update as soon as it is made available by their device manufacturer.
Given the severity of a privilege escalation flaw, all Android users are strongly encouraged to check for and apply the latest system updates immediately. To do so, users can typically navigate to Settings > System > System update.
Prompt patching remains the most critical defense against vulnerabilities that are being actively used in cyberattacks.
Find this Story Interesting! Follow us on Google News, LinkedIn, and X to Get More Instant Updates.
The post CISA Warns of Android 0-Day Use-After-Free Vulnerability Exploited in Attacks appeared first on Cyber Security News.
The first official trailer has arrived for HBO's Lanterns ahead of its debut in August…
Google is bringing Canvas to everyone in the US using AI Mode in Search. The…
Audible has just unveiled a new subscription plan for 2026. The Audible Standard membership is…
If you're interested in dipping your toes in the world of 3D printing, you can't…
Amazon has finally dropped the preorder for the Pokémon TCG: Mega Evolution—Perfect Order Booster Bundle,…
The Cybersecurity and Infrastructure Security Agency (CISA) added a critical Qualcomm chipset vulnerability to its…
This website uses cookies.