CVE-2025-48595 is a high-severity integer overflow in the Android Framework that enables local privilege escalation to arbitrary code execution at elevated privilege. CISA confirmed active exploitation and set a remediation deadline of June 5, 2026. Organizations managing corporate Android fleets, BYOD programs, or kiosk deployments face elevated risk from targeted attacks using malicious applications or physical device access.