Google has issued an urgent security update for Android devices to address a critical vulnerability, tracked as CVE-2025-48593, that could allow attackers to remotely gain control of a phone or tablet without any user interaction. The flaw, described as a “zero-click” exploit, impacts devices running Android 13, 14, 15, and 16 and poses a notable risk to the vast Android ecosystem. The company is urging users to install the November 2025-11-01 patch as soon as it becomes available from their device manufacturer.
Google has patched a critical security vulnerability in the Android operating system that could have allowed attackers to completely take control of devices without any user interaction. The company is urging all Android users to update their devices immediately.
The vulnerability, tracked as CVE-2025-48593, resides in a core system component and enables attackers to remotely execute malicious code – a so-called “zero-click” exploit. This means a device could be compromised without the user clicking a link or opening a file, making it particularly dangerous.
Devices running Android 13, 14, 15, and 16 are affected, potentially placing the entire current Android ecosystem at risk. The widespread impact underscores the increasing sophistication of mobile threats and the importance of proactive security measures.
Zero-click exploits are highly prized by state-sponsored actors and professional hacking groups for targeted espionage due to their stealthy nature and ability to bypass typical security defenses. The ability to gain full device control without any user action makes this vulnerability a particularly valuable asset for cybercriminals.
November patch closes two critical vulnerabilities
The security patch, designated as November 2025-11-01, addresses the remote code execution (RCE) vulnerability and a second, “high” severity flaw (CVE-2025-48581). This second vulnerability could allow for local privilege escalation and potentially block future security updates.
Google notified its hardware partners a month prior to the public release, allowing companies like Samsung and Xiaomi to adapt the updates for their devices. The rollout is currently underway, though availability will vary depending on the manufacturer and specific device model.
Currently, there are no reports of active exploitation of this vulnerability. However, security experts warn that once vulnerabilities become public, attackers systematically analyze them for potential large-scale attacks.
How to install the update
- Open Settings
- Navigate to “Security & Privacy” or “System”
- Select “System update” or “Security update”
- Install the update with patch level 2025-11-01 or newer
Tip: Enable automatic updates so that you always receive the latest security patches in the future.
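For administrators who need to confirm the patch level on more than one device, the following added example (not part of the original article) classifies a device from the output of `adb shell getprop`, using the standard Android properties `ro.build.version.release` and `ro.build.version.security_patch`. The function names, status labels and sample values are assumptions made for this illustration.

```shell
#!/bin/sh
# Added example: check Android patch level against the fix named in the article.
REQUIRED_PATCH=20251101   # 2025-11-01, as YYYYMMDD for integer comparison

# Read `getprop` output ("[key]: [value]" lines) on stdin, print one value.
get_prop() {
    tr -d '\r' | sed -n "s/^\[$1]: \[\(.*\)]\$/\1/p" | head -n 1
}

# Classify one device from its getprop dump on stdin.
# Prints PATCHED, VULNERABLE, NOT_LISTED (outside Android 13-16) or UNKNOWN.
classify_device() {
    dump=$(cat)
    release=$(printf '%s\n' "$dump" | get_prop ro.build.version.release)
    patch=$(printf '%s\n' "$dump" | get_prop ro.build.version.security_patch)
    major=${release%%.*}
    case "$major" in
        ''|*[!0-9]*) echo UNKNOWN; return 0 ;;
    esac
    case "$patch" in
        [0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9]) ;;
        *) echo UNKNOWN; return 0 ;;   # missing or malformed patch level
    esac
    if [ "$major" -lt 13 ] || [ "$major" -gt 16 ]; then
        echo NOT_LISTED; return 0
    fi
    if [ "$(printf '%s\n' "$patch" | sed 's/-//g')" -ge "$REQUIRED_PATCH" ]; then
        echo PATCHED
    else
        echo VULNERABLE
    fi
}

# Audit every device visible to adb (requires USB debugging to be authorized).
audit_connected() {
    adb devices | awk 'NR > 1 && $2 == "device" { print $1 }' |
    while read -r serial; do
        # </dev/null stops adb from swallowing the rest of the serial list
        printf '%s\t%s\n' "$serial" \
            "$(adb -s "$serial" shell getprop </dev/null | classify_device)"
    done
}

# Constructed sample: an Android 14 device still on the October patch level.
SAMPLE='[ro.build.version.release]: [14]
[ro.build.version.security_patch]: [2025-10-05]'
printf 'sample device: %s\n' "$(printf '%s\n' "$SAMPLE" | classify_device)"
```

Call `audit_connected` with devices attached to print one tab-separated line per serial; a device reporting UNKNOWN should be checked by hand in Settings.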
A permanent race between attackers and developers
This November vulnerability highlights the ongoing and intensifying battle for mobile security. While security researchers work to identify and patch weaknesses, attackers are constantly seeking new entry points.
Prompt installation of security updates remains the most important line of defense. Manufacturers also have a crucial role to play in delivering Google’s patches quickly and reliably.
Google Play Protect, pre-installed on most Android devices, provides an additional layer of security by monitoring and blocking potentially harmful applications before installation.
Google has released a critical security update for Android devices, addressing a vulnerability that could allow attackers to remotely take control of a device without any user interaction. The flaw, identified as CVE-2025-48593, impacts devices running Android versions 13 through 16.
The vulnerability lies within a central system component, enabling attackers to execute malicious code remotely – a “zero-click” exploit. This means users don’t need to open a malicious link or file; their devices could be compromised silently. The ease with which such exploits can be deployed makes them particularly concerning for both individual users and enterprise security.
Google released the patch as part of the November 2025-11-01 security update. The company informed hardware partners a month in advance, and updates are now rolling out to devices from manufacturers including Samsung and Xiaomi, though availability will vary.
In addition to the zero-click exploit, the November update also addresses a second vulnerability, CVE-2025-48581, which is classified as “high” severity. This flaw could allow attackers to escalate privileges locally and potentially prevent future security updates from being installed.
While there are currently no reports of active exploitation, security experts emphasize the importance of applying the update immediately. Once a vulnerability is publicly disclosed, it becomes a target for widespread attacks.
Android users can install the update by navigating to Settings > Security & Privacy (or System) > System update (or Security update) and selecting the update with patch level 2025-11-01 or newer. Enabling automatic updates is also recommended to ensure devices remain protected against future threats.
This incident underscores the ongoing arms race between security researchers and attackers in the mobile space. Maintaining robust mobile security requires constant vigilance and a commitment to rapid patching from both Google and device manufacturers.