CVE-2025-48595 in the Android Framework enables privilege escalation already being exploited on devices running Android 14 or newer and is being actively weaponized by commercial spyware and state-sponsored actors against journalists and decision-makers.