The UAE Cyber Security Council recommends immediate network segmentation for critical infrastructure using affected chipsets and continuous monitoring for anomalous base station associations. The March 2025 Product Security Bulletin highlights three high-severity vulnerabilities (CVE-2025-20644, CVE-2025-20645, and CVE-2025-20646) affecting modem firmware, cryptographic key management, and Wi-Fi subsystems. Attackers within proximity can achieve remote privilege escalation without user interaction, compromising devices through unpatched Wi-Fi drivers in chips like the MT7663 (common in smart home hubs) and MT7986 (used in enterprise routers). As attackers increasingly target hardware supply chains, MediaTek’s response sets a critical precedent for silicon vendors balancing rapid innovation with robust security hygiene. These vulnerabilities impact over 37% of global smartphones and IoT devices using MediaTek’s MT67xx, MT68xx, and MT69xx series chipsets. These vulnerabilities compound existing risks from earlier disclosures, such as CVE-2024-20154, a critical modem flaw patched in January 2025 that allowed RCE via a rogue cellular tower. Enterprises leveraging MediaTek’s Genio 1200 AIoT platforms should audit SDK versions, as vulnerabilities in 7.6.7.0 and earlier SDKs remain unpatched in legacy deployments. Additionally, CVE-2025-20630 enables adjacent-network RCE in MediaTek’s MT7603 and MT7622 Wi-Fi SoCs, posing risks to industrial IoT deployments. Unpatched IoT devices, particularly those in smart cities and industrial control systems, face heightened risks of botnet recruitment or data exfiltration. According to the report, with MediaTek powering 1.5 billion devices annually, these vulnerabilities threaten sectors from consumer electronics to healthcare. Gurubaran is a co-founder of Cyber Security News and GBHackers On Security.
This vulnerability affects devices running Android 14 and 15, including MediaTek’s automotive-grade MT2712 SoCs. Affected chipsets include the MT6833P (Dimensity 700 series) and MT6895TT (Dimensity 9000 series), widely used in mid-range 5G smartphones.
This Cyber News was published on cybersecuritynews.com. Publication date: Mon, 03 Mar 2025 11:05:18 +0000