CISA Issues Alert on Android 0-Day Use-After-Free Vulnerability Under Active Exploitation
gbhackers
The Cybersecurity and Infrastructure Security Agency (CISA) has issued a high-priority alert for a newly discovered zero-day vulnerability in the Android Runtime component.
This “use-after-free” flaw could allow attackers to escape the Chrome sandbox and elevate privileges on an affected device.
CISA warns that the vulnerability is under active exploitation and urges organizations and users to apply mitigations without delay.
On September 4, 2025, CISA added this vulnerability to its catalog and set a due date of September 25, 2025, for applying available mitigations.
At this time, it is not known whether the flaw has been used in ransomware attacks, but its potential impact warrants immediate action.
| Product | Vulnerability | CVE Reference | Description |
|---|---|---|---|
| Android | Runtime Use-After-Free Vulnerability | CVE-2025-48543 | Android Runtime contains a use-after-free vulnerability potentially allowing a Chrome sandbox escape leading to local privilege escalation. |
A use-after-free vulnerability occurs when a program continues to use memory after it has been freed ...
Copyright of this story solely belongs to gbhackers.