GrapheneOS Watermelon CVE-2025-48561 is listed as fixed in https://source.android.com/docs/security/bulletin/2025-09-01 and subsequent patches for fixing additional issues not covered by that will not use the same CVE. The CVE refers to the specific patch they made in the September 2025 bulletin. There are separate CVEs for other fixes. If a patch only partially fixes an issue or doesn't fix it properly, they use additional CVEs for the additional patches. You're drawing an incorrect conclusion.
I didn't know the failed fix was already committed and part of the September bulletin. It sounded like it wasn't, so I didn't check it. Thanks