Android December 2025 Security Bulletin: DFIR impact and fleet actions
Google published the Android Security Bulletin for December 2025 with patch levels 2025-12-01 and 2025-12-05. The most severe issue is a critical Framework vulnerability that enables remote denial of service; Google also notes two CVEs under limited, targeted exploitation. Source code patches land in AOSP within 48 hours of publication, then vendors integrate and ship updates. Verify exposure by checking each device’s reported patch level. (Android bulletin, Dec 1, 2025; Google Support: check patch level)