A new Android security warning has been issued, and it’s serious. Google and Samsung have issued an urgent Android fix to address a serious security vulnerability affecting millions of users. However, there will still be more than a billion Android users who will remain unprotected.

Google’s November 2025 Android security update includes only two fixes, but one of them is critical. The company warned that the most severe issue involves a system component vulnerability. This flaw could allow hackers to execute remote code on affected devices without needing any extra permissions.

The security issue, labeled CVE-2025-48593, is especially dangerous because it could let attackers take control of a phone remotely. Another bug, CVE-2025-48581, has also been identified and affects Android 16, but it is considered less severe. Google has not shared detailed information about either flaw, likely to prevent cybercriminals from exploiting them before users update their devices.

Samsung confirmed that the critical vulnerability has been patched in its November 2025 security update. This update also includes several other high-severity fixes for the Galaxy lineup. Samsung’s security updates are typically broader than Google’s basic monthly patches, offering extra protection for its devices.

However, the biggest concern remains for users with older phones. Millions of Android devices no longer receive security updates because they’ve reached the end of their support period. According to security firm Zimperium, around 25% of Android devices cannot be upgraded due to age. Even worse, more than half of all Android phones are currently running outdated software, leaving them vulnerable to attacks.

For Google Pixel users, the new update will roll out soon. Google said it shares details of these security issues with its partners at least a month before publishing them. However, manufacturers often take additional time to combine these fixes with their own firmware updates before releasing them to users. This delay means that many Android phones stay exposed for weeks—or even months—after vulnerabilities are discovered.

If you’re unsure whether your phone is still eligible for updates, it’s worth checking. Samsung and Google both provide online tools that let you verify if your device still receives official support. Phones that have reached their “end-of-life” status will no longer receive patches like this one, leaving them permanently open to security risks.

Experts warn that users with unsupported phones should be cautious. Avoid installing unknown apps, keep sensitive data off older devices, and consider upgrading to a newer model if possible.

This latest warning serves as a reminder of the ongoing challenges in Android’s security ecosystem. While Google and Samsung continue to improve their update systems, millions of users remain vulnerable due to slow rollouts and device fragmentation.

For now, if your phone is still eligible for updates, install the November patch as soon as it becomes available. And if it isn’t, it might be time to consider a new device—before hackers get there first.