Security Flaw Detected in MediaTek Devices; CERT-In Issues High-Severity Alert

The Computer Emergency Response Team of India (CERT-In) has issued a high-severity cybersecurity alert following the discovery of multiple critical vulnerabilities in devices powered by MediaTek processors. The advisory, labeled CIVN-2025-0119, was released on June 11, 2025, warning users of potential threats affecting a wide range of internet-connected devices.

According to CERT-In, the vulnerabilities impact smartphones, tablets, laptops, smart TVs, Wi-Fi routers, and other IoT-enabled devices running on MediaTek chipsets. The reported flaws include:

• Heap overflow in Bluetooth and Wi-Fi stacks

• Null pointer dereference

• Incorrect authorization in IMS services

• Arbitrary recursion, which can lead to system instability or crashes

These weaknesses, if exploited, could allow cyber attackers to gain unauthorized access, escalate system privileges, or disrupt device functionality.

MediaTek has acknowledged the security issues and confirmed that it has developed the necessary patches, which have been shared with OEM partners. The company stated that the vulnerabilities were evaluated using the CVSS v3.1 system and are in the process of being addressed via software updates.

CERT-In has urged users to:

• Check for and install the latest software updates

• Avoid downloading suspicious or unauthorized applications

• Regularly monitor security settings on connected devices

This alert has been categorized as "high severity" due to the potential impact of the vulnerabilities on user privacy and device integrity. Users are advised to act promptly to safeguard their data and systems.