Google released the Android Security Bulletin for December 2025 detailing critical and high-severity vulnerabilities affecting Android devices, with fixes anticipated in device-specific security updates.
The bulletin outlines vulnerabilities affecting Android 13 and later versions. These issues address a range of problems, including those within the Android Framework, as well as at the system and kernel levels. Manufacturers will deliver the necessary security updates to devices.
A critical vulnerability identified in the Android Framework allows for remote denial-of-service attacks without requiring additional privileges. System and kernel-level vulnerabilities, rated as most severe, could facilitate permission escalation, even with user input. The bulletin also lists vulnerabilities specific to Qualcomm, MediaTek, and Unisoc chipsets.
This December Security Bulletin details an extensive list of exploits, in contrast to the fewer issues noted in the October or November Bulletins. This broader report aligns with Google’s recent policy shift to a quarterly reporting cycle for security vulnerabilities.
Google also updated the Security Bulletins for Android Automotive and Wear OS; however, no new vulnerabilities were listed for either platform.
