indian govt icon with aler symbol and mediatek logo

Security Breach Alert: Indian Government Warns of Vulnerabilities in Devices Using MediaTek Processors

The Indian Computer Emergency Response Team (CERT-In) has issued a high-severity alert regarding critical vulnerabilities affecting a wide range of devices powered by MediaTek chips. The advisory (CIVN-2025-0119) highlights significant security flaws that could allow attackers to gain elevated privileges or disrupt services, impacting smartphones, laptops, smart TVs, tablets, routers, and other smart home devices.

What’s the Warning? CERT-In’s advisory indicates that successful exploitation of these vulnerabilities could lead to data theft, unauthorized access, or denial-of-service (DoS) conditions. The issues arise from heap overflows, null pointer dereferencing in Bluetooth and Wi-Fi modules, incorrect WLAN authorization, and uncontrolled recursion in IMS (IP Multimedia Subsystem) services.

Complete List of Affected Devices Connectivity and Wi-Fi SoC:

MT7902: MediaTek Wi-Fi 6E Wireless LAN Card MT7921: MediaTek Wi-Fi 6 Chipset MT7922: MediaTek Wi-Fi 6E Wireless LAN Card (also known as RZ616) MT7925: MediaTek Filogic 360 (Wi-Fi 7/Bluetooth 5.4 SoC) MT7927: MediaTek Filogic 380 (Wi-Fi 7 Module) MT7915: Wi-Fi 6 (11ax) 4T4R Mini PCIe Module MT7916: MediaTek Filogic 630 MT7981: Dual-core ARM Cortex-A53 based Wi-Fi SoC MT7986: MediaTek Filogic 830 (Quad-core ARM Cortex-A53) MT7990: Wi-Fi 7 AP Module chipset MT7992: Wi-Fi 6E and Bluetooth 5.3 component MT7993: Part of the Dimensity 9300+ platform for Wi-Fi and Bluetooth Dimensity and Helio Series Processors: The majority of the remaining model numbers belong to MediaTek's Dimensity (5G-enabled) and Helio (4G-focused) series of smartphone and processors

Automotive and Tablet Processors:

MT8666: MediaTek Kompanio 500 MT8667: A variant in the automotive or tablet SoC lineup MT8673: A variant in the automotive or tablet SoC lineup MT8675: MediaTek Autus I20 (Automotive) MT8676: A variant in the automotive or tablet SoC lineup MT8678: A variant in the automotive or tablet SoC lineup MT8765: A variant of the Helio P35 for tablets MT8766: MediaTek MT8766 MT8766R: A variant of the MT8766 MT8768: MediaTek Helio P22T MT8771: A variant for tablets or other smart devices MT8781: A variant of the Helio G99 for tablets MT8786: MediaTek Helio G80 for tablets MT8788: MediaTek MT8788 MT8788E: A variant of the MT8788 MT8789: MediaTek Helio G99 MT8791: MediaTek Kompanio 1300T MT8791T: MediaTek Kompanio 1300T MT8795T: A variant in the Kompanio series MT8797: MediaTek Helio X20/X25 for tablets MT8798: A variant in the Kompanio series MT8863: A variant for smart devices MT8873: A variant for smart devices MT8883: A variant for smart devices MT8893: A variant for smart devices Who is Affected? All individuals and organizations using smartphones, laptops, TVs, tablets, Wi-Fi routers, or smart devices powered by the MediaTek chipsets listed above are affected.

What Should Users Do? CERT-In strongly advises users to install security patches issued by MediaTek. Device manufacturers are expected to release updates based on MediaTek’s June 2025 security bulletin. In the meantime, users should refrain from connecting vulnerable devices to unsecured networks.

Associated CVEs: CVE-2025-20672 CVE-2025-20673