An attacker could exploit the flaw via crafted UPnP SOAP requests to execute OS commands on a vulnerable device. It is important to note that WAN access is disabled by default on these devices, and the attack can be carried out remotely only if both WAN access and the vulnerable UPnP function have been enabled.
In a post on X, Realme India's official account confirmed that the Realme 16 Pro and 16 Pro+ will now receive four years of Android OS updates and six years of security patches. At launch, the company had promised three years of Android updates and four years of security support.
The two vulnerabilities are CVE-2025-48633, an information-disclosure flaw in Android's framework component, and CVE-2025-48572, an elevation-of-privilege bug also in the framework component. Both are ranked high severity, and according to Google, both "may be under limited, targeted exploitation." Both of these - plus an additional 105 security holes - all have patches, so it's a good idea to update your Android software ASAP.
This week's Java roundup for October 20th, 2025, features news highlighting: Oracle's Critical Patch Update (CPU) for October 2025; BellSoft CPU patches for Liberica JDK; the GA release of Grails 7.0; point releases for Micronaut, Hazelcast, LangChain4j and OpenXava; and the November 2025 beta release of Open Liberty.
October 2, 2025, marks the end of general support for VMware's version 7. After that, Broadcom won't release any new security patches or fixes, and you won't be able to log vendor support tickets for these versions. You'll still have access to previously published updates under the self-service policy (although this could change in time, but there won't be anything new coming.
