The two vulnerabilities are CVE-2025-48633, an information-disclosure flaw in Android's framework component, and CVE-2025-48572, an elevation-of-privilege bug also in the framework component. Both are ranked high severity, and according to Google, both "may be under limited, targeted exploitation." Both of these - plus an additional 105 security holes - all have patches, so it's a good idea to update your Android software ASAP.
This week's Java roundup for October 20th, 2025, features news highlighting: Oracle's Critical Patch Update (CPU) for October 2025; BellSoft CPU patches for Liberica JDK; the GA release of Grails 7.0; point releases for Micronaut, Hazelcast, LangChain4j and OpenXava; and the November 2025 beta release of Open Liberty.
October 2, 2025, marks the end of general support for VMware's version 7. After that, Broadcom won't release any new security patches or fixes, and you won't be able to log vendor support tickets for these versions. You'll still have access to previously published updates under the self-service policy (although this could change in time, but there won't be anything new coming.
