Several vulnerabilities have been discovered in the Google Android operating system, the most serious of which could allow remote code execution in the context of the affected component. According to the MITER ATT&CK framework, the exploitation of these vulnerabilities can be classified as follows:
Tactic: Execution (TA0002)
Technical: Operation for customer execution (T1203):
* Multiple vulnerabilities in Framework that could allow privilege escalation. (CVE-2026-0047, CVE-2025-32313, CVE-2025-48544, CVE-2025-48567, CVE-2025-48568, CVE-2025-48574, CVE-2025-48577, CVE-2025-48578, CVE-2025-48579, CVE-2025-48582, CVE-2025-48605, CVE-2025-48619, CVE-2025-48634, CVE-2025-48635, CVE-2025-48645, CVE-2025-48646, CVE-2025-48654, CVE-2026-0007, CVE-2026-0008, CVE-2026-0010, CVE-2026-0011, CVE-2026-0013, CVE-2026-0020, CVE-2026-0023, CVE-2026-0026, CVE-2026-0034)
* A vulnerability in the system that could allow remote code execution. (CVE-2026-0006)
* Several vulnerabilities in the system that could allow escalation of privileges. (CVE-2025-48602, CVE-2025-48641, CVE-2025-48650, CVE-2025-48653, CVE-2026-0017, CVE-2026-0021, CVE-2026-0035)
* Multiple vulnerabilities in the kernel that could allow escalation of privilege. (CVE-2024-43859, CVE-2026-0037, CVE-2026-0038, CVE-2025-38616, CVE-2025-38618, CVE-2025-39682, CVE-2025-39946, CVE-2026-0029, CVE-2026-0027, CVE-2026-0028, CVE-2026-0030, CVE-2026-0031, CVE-2025-39946, CVE-2025-40266, CVE-2026-0032)
* A vulnerability in Arm components. (CVE-2025-2879)
* Multiple vulnerabilities in Qualcomm components. (CVE-2025-47388, CVE-2025-47394, CVE-2025-47396, CVE-2025-47397, CVE-2025-47398, CVE-2025-59600, CVE-2026-21385)
* Multiple vulnerabilities in closed-source Qualcomm components. (CVE-2025-47339, CVE-2025-47346, CVE-2025-47348, CVE-2025-47366, CVE-2025-47378, CVE-2025-47385, CVE-2025-47395, CVE-2025-47402)
Details of lower severity vulnerabilities are as follows:
* Multiple vulnerabilities in Framework that could allow information disclosure. (CVE-2025-48630, CVE-2026-0012, CVE-2026-0025)
* Several vulnerabilities in Framework that could allow a denial of service. (CVE-2025-48644, CVE-2026-0014, CVE-2026-0015)
* Several vulnerabilities in the system that could allow a denial of service. (CVE-2025-48631, CVE-2025-48585, CVE-2025-48587, CVE-2025-48609)
* Multiple vulnerabilities in the system that could allow information disclosure. (CVE-2024-43766, CVE-2025-48642, CVE-2025-64783, CVE-2025-64784, CVE-2025-64893, CVE-2026-0005, CVE-2026-0024)
* Multiple vulnerabilities in Imagination Technologies components. (CVE-2025-10865, CVE-2025-13952, CVE-2025-58407, CVE-2025-58408, CVE-2025-58409, CVE-2025-58411, CVE-2026-21735)
* Multiple vulnerabilities in MediaTek components. (CVE-2025-20795, CVE-2026-20425, CVE-2026-20426, CVE-2026-20427, CVE-2026-20428, CVE-2026-20434, CVE-2025-20760, CVE-2025-20761, CVE-2025-20762, CVE-2025-20793, CVE-2025-20794, CVE-2026-20401, CVE-2026-20402, CVE-2026-20403, CVE-2026-20404, CVE-2026-20405, CVE-2026-20406, CVE-2026-20420, CVE-2026-20421, CVE-2026-20422)
* Multiple vulnerabilities in Unisoc components. (CVE-2025-61612, CVE-2025-61613, CVE-2025-61614, CVE-2025-61615, CVE-2025-61616, CVE-2025-69278, CVE-2025-69279)
Successful exploitation of the most severe of these vulnerabilities could enable remote code execution. Depending on the privileges associated with the exploited component, an attacker could then install programs; view, modify or delete data; or create new accounts with full rights.
