NVD disclosure day

Published threat advisories for December 8, 2025

CVE advisoryKnown Exploit

CVE-2025-48633

Android Device Privilege Escalation Vulnerability.

Halo Surface Signal: 1 out of 5 — much less likely to be public-facing.

A logic error in Android's Device Policy Manager Service allows for privilege escalation by adding a Device Owner after provisioning. This impacts affected organizations by enabling local attackers to gain elevated device control without user interaction, posing a business risk to data and operations.

NVD published: • CISA KEV
CVE advisoryKnown Exploit

CVE-2025-48572

Android Privilege Escalation Vulnerability

Halo Surface Signal: 1 out of 5 — much less likely to be public-facing.

A permissions bypass in the Android operating system framework allows for local privilege escalation without user interaction. This impacts organizations using affected Android devices by enabling attackers to gain elevated control and access. The realistic business risk involves unauthorized system access and potentia

NVD published: • CISA KEV