Massive Android 0-day vulnerability found - here's what you should do immediately

Google has issued an urgent warning to all Android users.

The warning applies to all Android devices, regardless of whether the manufacturer is Samsung, OnePlus, Xiaomi, or Honor.

The flaw, identified as CVE-2025-48593, affects Android versions starting from Android 13 and includes the very latest Android 16. Its preliminary severity score is set at 9.8 out of 10.

According to Google, the vulnerability allows attackers to target any Android device and make it execute malicious code of their choice. The exploit doesn't require elevated privileges, meaning the malicious code can run freely within the system once executed.

As the cybersecurity site GBHackers describes, the attacker can potentially gain full control over the victim's phone or tablet.

Google informed all Android manufacturers about the vulnerability a month before publicly disclosing it, so device makers would have time to respond and release security patches for their devices.

Now the recommendation for users is this:

Immediately check the date of your phone's most recent security update. If it's older than November 1, 2025, install all available system updates right away.

Security updates released on or after November 1, 2025, include a fix for this newly discovered vulnerability.

You can usually find the status of your security updates (depending on the device model) by opening the Settings menu, selecting About phone, and then tapping Software version or Version. That screen typically displays the date of the latest security update.
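The same check can be done from a computer over adb instead of through the Settings menu. The script below is an added example, not from the article or from Google; it reads the standard build properties for the Android release and the security patch level and applies the thresholds stated above (Android 13 or later is affected, patch level 2025-11-01 or later carries the fix).

```shell
#!/bin/sh
# Added example: classify a device by its build properties against the
# thresholds the article gives for CVE-2025-48593.
# Assumes the standard properties ro.build.version.release and
# ro.build.version.security_patch; the threshold values come from the article.

# patch_status RELEASE PATCH_LEVEL
#   RELEASE      value of ro.build.version.release, e.g. "14" or "13.0"
#   PATCH_LEVEL  value of ro.build.version.security_patch, e.g. "2025-10-05"
# Prints one of: not-affected, patched, needs-update, unknown
patch_status() {
    release="$1"
    patch="$2"
    major="${release%%.*}"            # "13.0" -> "13"
    case "$major" in
        ''|*[!0-9]*) echo "unknown"; return 0 ;;
    esac
    if [ "$major" -lt 13 ]; then
        echo "not-affected"; return 0   # article: Android 12 and older not affected
    fi
    # Patch levels are YYYY-MM-DD; drop the dashes and compare as integers.
    p="$(printf '%s' "$patch" | tr -d '-')"
    case "$p" in
        ''|*[!0-9]*) echo "unknown"; return 0 ;;
    esac
    if [ "$p" -ge 20251101 ]; then
        echo "patched"                  # on or after 2025-11-01 includes the fix
    else
        echo "needs-update"
    fi
}

# If adb is installed and a USB-debugging-enabled device is attached,
# read the live values; otherwise the function can be called directly.
if command -v adb >/dev/null 2>&1 && adb get-state >/dev/null 2>&1; then
    rel="$(adb shell getprop ro.build.version.release | tr -d '\r')"
    spl="$(adb shell getprop ro.build.version.security_patch | tr -d '\r')"
    printf 'Android %s, patch level %s: %s\n' "$rel" "$spl" "$(patch_status "$rel" "$spl")"
fi
```

A result of "needs-update" means the device is in the affected range and still below the November 2025 patch level, which is exactly the case the article tells users to act on.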

According to Google, this is an operating system-level vulnerability, so installing or removing apps does not affect the level of risk. Antivirus apps also offer no protection against this kind of system-level flaw.

What if no new update is available?

We checked a few relatively new phones lying around, and only some of them had the November security update available.

Google didn't provide specific guidance for that situation, but online we found a GitHub page dedicated to the vulnerability, which explains how it works and outlines what users should do if a security update hasn't yet been released for their phone or tablet.

The very first thing you should do is turn on Google Play Protect. To do this, open the Play Store, tap your profile icon in the top-right corner, select Play Protect, then go to Settings. In that menu, you can see whether Play Protect is enabled and switch it on if it isn't.

Next, turn off WiFi completely. Don't just disconnect from your current network - disable WiFi entirely.

After that comes perhaps the most disruptive step: you also need to turn off Bluetooth completely. This will break connections to wireless headphones, smartwatches, and similar devices.

The reason is that both Bluetooth and WiFi can allow attackers to connect to your device. The mobile network, however, is managed by carriers and is therefore considered safe.

The situation changes only once a security update dated after early November 2025 is released for your device.

Note: If your phone has Android 12 or older, you're safe from this particular problem. However, you're running a four-year-old operating system, so you really should update the OS or buy a new phone/tablet.

Written by: Petteri Pyyny @ 8 Nov 2025 17:35
Tags
security vulnerability Android

© 2025 AfterDawn Oy
