India’s nodal cybersecurity agency, the Indian Computer Emergency Response Team (CERT-In), has issued a high-severity alert regarding multiple vulnerabilities discovered in Android operating systems. The advisory, published on September 3, 2025, highlights serious flaws that could allow attackers to gain elevated privileges, access sensitive data, execute arbitrary code, or cause denial-of-service (DoS) attacks on affected devices.
Android devices affected
According to CERT-In, the vulnerabilities impact Android versions 13, 14, 15, and 16. The flaws are linked to multiple components of the operating system, including the Framework, Android Runtime, System, Widevine DRM, Project Mainline, Kernel, and hardware-specific components from ARM, Imagination Technologies, MediaTek, and Qualcomm. Both open-source and closed-source modules are affected, making the issue widespread across devices.
What's at risk?
The advisory categorizes the severity of these flaws as “High.” CERT-In warns that successful exploitation could result in unauthorized access to sensitive information, elevated privileges for attackers, system instability, and in severe cases, complete denial of service. For regular users, this translates into a significant risk of data theft, disruption of services, or malware infections.
Who should be concerned
The alert is directed at all Android OEMs as well as end-users. Given the scale of affected versions, the vulnerabilities potentially impact a vast majority of active Android smartphones, tablets, smartwatches, and other devices powered by the operating system.
Recommended action
CERT-In has strongly advised users and device manufacturers to immediately apply the latest security patches provided by Google. The September 2025 Android Security Bulletin details the necessary updates to address these vulnerabilities and prevent exploitation. Users are encouraged to regularly update their devices and avoid downloading applications from unverified sources to reduce exposure.
The official bulletin can be accessed here: Android Security Bulletin – September 2025.
Why it matters
Android’s dominance in the global smartphone market makes it a prime target for cyber attackers. Exploitable flaws in widely used versions can have cascading effects, potentially putting millions of users at risk worldwide. This latest warning from CERT-In underscores the importance of timely updates and proactive device security practices.
With the severity rating marked as “High,” users are urged not to delay software updates, as cybercriminals often exploit unpatched vulnerabilities quickly after advisories are made public.
Discover the latest Business News, Sensex, and Nifty updates. Obtain Personal Finance insights, tax queries, and expert opinions on Moneycontrol or download the Moneycontrol App to stay updated!
Find the best of Al News in one place, specially curated for you every weekend.
Stay on top of the latest tech trends and biggest startup news.
