The Android June security patch is out, and it is not one to sit on. Google’s monthly update for June addresses 124 security vulnerabilities, one of which is already being actively exploited in the wild, making a prompt install more than routine housekeeping.
The vulnerability in question, tracked as CVE-2025-48595, is an escalation of privilege flaw in Android Framework. According to Google, attackers can exploit it to force their way into an administrative position on a target device and execute their own code, and users do not need to interact with anything to be at risk. It affects devices running Android 14 and newer, which covers a very large share of phones in active use right now.
What Makes CVE-2025-48595 Particularly Serious
Google has confirmed there is evidence of CVE-2025-48595 being under limited, targeted exploitation, giving it zero-day status. That means the flaw was being used against real targets before the patch reached the general public. Google says exploits so far appear to be targeted at high-profile individuals such as politicians or journalists, rather than indiscriminate mass attacks, though the company has disclosed little else about the scope.
The technical details add weight to that concern. Threat-Modeling.com reports the flaw carries a CVSS score of 8.4, placing it firmly in the high-severity bracket. Meanwhile, Malware News reports it is classified as an integer overflow (CWE-190) occurring across multiple locations within Android Framework, a type of flaw that can be particularly difficult to catch precisely because it tends to be spread across a codebase rather than sitting in one neat, patchable spot.
Threat-Modeling.com also notes that CISA has added CVE-2025-48595 to its Known Exploited Vulnerabilities catalog, with a remediation deadline of 5 June 2026 set for US federal agencies. That is not directly relevant to most Mancunians, but it is a reasonable signal of how seriously the security community is taking this one.
The Full Scope of the June Update
Beyond the zero-day, 18 of the 124 vulnerabilities fixed in this update are classified as critical. None of those 18 were being publicly exploited at the time Google issued the patch, but that window closes quickly once a patch ships: once the fix is public, working out what it repairs becomes significantly easier for anyone looking.
BleepingComputer reports that Google issued two sets of patches this cycle: the 2026-06-01 and 2026-06-05 security patch levels. The later batch bundles all fixes from the first, alongside additional patches for closed-source third-party components and kernel subcomponents. If you are checking your patch level, the 2026-06-05 level is the more complete of the two.
How to Install the Android June Security Patch
Google’s own Pixel devices receive these patches first, so Pixel owners can download and install the Android June security patch now. If you are on a Samsung Galaxy, OnePlus, Motorola, or another Android device, you are waiting on your manufacturer to push the update through. Timelines vary by brand and model, and there is not much to be done about that except check regularly.
To see whether the update has arrived on your device, open Settings, tap About phone (or About tablet), then select Android version. If an update is pending, it will show there. Many phones will update automatically overnight, but it is worth confirming rather than assuming.
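For anyone responsible for more than one handset, the same check can be scripted over adb. The script below is an added example, not from Google or the sources quoted here: it reads the standard ro.build.version.release and ro.build.version.security_patch properties and compares them with the two patch levels named above. The function names and status words (complete, partial, unpatched, unpatched-affected, unknown) are made up for this illustration.

```shell
#!/bin/sh
# Added example (not Google's tooling): audit patch levels over adb.
PARTIAL_LEVEL="2026-06-01"  # first June patch level named in the article
FULL_LEVEL="2026-06-05"     # later level; bundles the first plus vendor/kernel fixes
MIN_AFFECTED=14             # article: the zero-day affects Android 14 and newer

# classify_patch RELEASE PATCH_LEVEL -> prints one status word
classify_patch() {
    release=$1
    patch=$2
    # Patch levels are YYYY-MM-DD; anything else is reported, not guessed at.
    case $patch in
        [0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9]) ;;
        *) echo "unknown"; return 0 ;;
    esac
    # ISO dates order correctly as integers once the dashes are removed.
    p=$(printf '%s' "$patch" | tr -cd '0-9')
    if [ "$p" -ge "$(printf '%s' "$FULL_LEVEL" | tr -cd '0-9')" ]; then
        echo "complete"
    elif [ "$p" -ge "$(printf '%s' "$PARTIAL_LEVEL" | tr -cd '0-9')" ]; then
        echo "partial"
    else
        major=${release%%.*}   # "14" from "14" or "14.0.1"
        case $major in
            ''|*[!0-9]*) echo "unpatched" ;;   # version unreadable: flag, do not guess
            *) if [ "$major" -ge "$MIN_AFFECTED" ]; then
                   echo "unpatched-affected"
               else
                   echo "unpatched"
               fi ;;
        esac
    fi
}

# audit_devices: one line per attached, authorised device (needs adb on PATH).
audit_devices() {
    adb devices | awk 'NR > 1 && $2 == "device" { print $1 }' |
    while read -r serial; do
        # </dev/null stops adb from swallowing the rest of the serial list
        release=$(adb -s "$serial" shell getprop ro.build.version.release </dev/null | tr -d '\r')
        patch=$(adb -s "$serial" shell getprop ro.build.version.security_patch </dev/null | tr -d '\r')
        printf '%s\tAndroid %s\t%s\t%s\n' "$serial" "$release" "$patch" \
            "$(classify_patch "$release" "$patch")"
    done
}

# Run as: sh audit.sh audit
if [ "${1:-}" = "audit" ]; then audit_devices; fi
```

A device reported as partial is on the 2026-06-01 level and still lacks the additional third-party and kernel fixes bundled into 2026-06-05.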
Keeping an older, unpatched version of Android running is a straightforward way to leave yourself exposed, particularly on a vulnerability that is already seeing exploitation in the field. The CISA deadline of 5 June 2026 for federal agencies gives a reasonable sense of the urgency involved: check your patch level today.

