Xiaomi Releases Urgent Update That Fixes 107 Security Vulnerabilities in Android, Including Zero-Day. Check If Your Smartphone Is on the List.
The December security update arrives as one of the most important in recent months for Xiaomi users. Google confirmed a robust package with 107 vulnerabilities fixed, including two zero-day vulnerabilities already exploited in real attacks. The update covers devices running Android 13, 14, 15, and 16, as well as Xiaomi devices with HyperOS, which directly rely on the monthly Android bulletin to keep the ecosystem secure. This is the first major wave of fixes affecting nearly all recent models, and users need to check immediately whether their device is within the update cycle.
Xiaomi tends to quickly incorporate Google’s security fixes, especially when zero-day vulnerabilities are involved. In December’s case, the focus is on protecting personal information, preventing privilege escalation, and reinforcing system integrity against silent attacks. With more Brazilian smartphones operating on HyperOS, the arrival of this package becomes crucial for those who need to keep their phones protected for professional, banking, and daily browsing use.
Xiaomi Update Fixes 107 Vulnerabilities and Includes Two Zero-Day Already Exploited in Attacks
According to the bulletin released last Tuesday (02), the update was divided into two main blocks. The first, 2025-12-01, brings 51 fixes focused on the structure and internal libraries of Android.
The second, 2025-12-05, adds 56 adjustments to the Linux kernel and vendor modules. This separation allows each manufacturer — such as Xiaomi — to quickly implement the most critical patches while preparing the rest of the fixes for deeper layers of the system.
The highlights are the vulnerabilities CVE-2025-48633 and CVE-2025-48572, classified as zero-days. The first could allow improper exposure of sensitive information, while the second opens the way for privilege escalation, enabling an attacker to take over internal system processes.
Such vulnerabilities have already been used in corporate spyware attacks, especially against executives, journalists, and employees of technology companies. Therefore, experts stress that installing the fix as soon as possible is essential.
Fixes Also Involve Snapdragon, Dimensity, and Samsung Modules
In addition to the vulnerabilities directly addressed by Google, the December package includes critical updates from vendors. For Xiaomi users — who heavily depend on Qualcomm and MediaTek chips — this means security fixes in even deeper layers of hardware.

Qualcomm fixed serious vulnerabilities CVE-2025-47319 and CVE-2025-47372, related to memory issues and code execution. Premium devices with Snapdragon 8 Gen and mid-range devices with Snapdragon 6 and 7 Gen receive additional protection with this patch.
MediaTek, responsible for the Dimensity line used in various Redmi models, also provided specific fixes for its firmware, reducing exploitation risks via radio, connectivity, and internal codecs.
Even Samsung modules, used in sensors and drivers present in Xiaomi devices, have been updated, ensuring that the entire set of components is protected in the same way.
The Impact for Xiaomi Users and What to Expect in the Coming Days
As Xiaomi tends to quickly integrate Android patches into HyperOS, devices launched between 2022 and 2025 are expected to receive the update first, especially models from the Xiaomi 12, 13, 14, Redmi Note 12, 13, 14, and recent POCO lines.
Older models may receive only part of the fixes, depending on the manufacturer’s availability.
The first December packages have already started appearing in international markets and are expected to reach Brazil over the coming weeks.
For users relying on banking apps, corporate networks, and biometric authentication, keeping the system updated is crucial, especially in light of zero-day vulnerabilities.
How to Know If Your Xiaomi Is on the List
Xiaomi is expected to release individual bulletins for each line, and the quickest way to check is to access:
Settings → About Phone → HyperOS Version / Security Update.
If the patch level displays “2025-12-01” or “2025-12-05”, your device has already received the fixes. If not, it is recommended to force the search for an update or wait for the gradual rollout to your region.
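For anyone checking more than one phone, the following added example (not from the article or from Xiaomi) grades a patch-level string against the two December levels described above: 2025-12-01 for the first block of fixes, 2025-12-05 for the level that adds the kernel and vendor fixes. The function names and the sample inventory are assumptions made for illustration; `ro.build.version.security_patch` is the Android system property that holds the value shown in Settings.

```shell
#!/bin/sh
# Added example (not from the article): grade Android security patch levels
# against the two December 2025 levels the article describes.

# Prints: full (>= 2025-12-05), partial (2025-12-01 up to 2025-12-04),
# missing (< 2025-12-01) or invalid (not a YYYY-MM-DD string).
classify_patch_level() {
    case "$1" in
        [0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9]) ;;
        *) echo invalid; return 1 ;;
    esac
    # ISO dates order correctly as integers once the dashes are removed.
    level_num=$(printf '%s' "$1" | tr -d '-')
    if [ "$level_num" -ge 20251205 ]; then
        echo full
    elif [ "$level_num" -ge 20251201 ]; then
        echo partial
    else
        echo missing
    fi
}

# Reads "name patch-level" lines on stdin and prints "name status".
audit_inventory() {
    while read -r name level; do
        [ -n "$name" ] || continue
        printf '%s %s\n' "$name" "$(classify_patch_level "$level")"
    done
}

# Reads the level from a USB-connected device; requires adb (not run here).
device_patch_level() {
    adb shell getprop ro.build.version.security_patch | tr -d '\r'
}

# Constructed sample inventory; device names are hypothetical.
SAMPLE_INVENTORY='phone-a 2025-12-05
phone-b 2025-12-01
phone-c 2025-11-01
phone-d unknown'

printf '%s\n' "$SAMPLE_INVENTORY" | audit_inventory
```

With a device attached and USB debugging enabled, `classify_patch_level "$(device_patch_level)"` grades the live value; a result of `partial` means the kernel and vendor block is still pending.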
Here Is the List of Devices That Are Guaranteed to Receive HyperOS 3 in December:
- Xiaomi 14 Ultra
- Xiaomi 14
- Xiaomi 14T Pro
- Xiaomi 14T
- Xiaomi MIX Flip
- Xiaomi Pad Mini
- Redmi Note 14 Pro 4G
- Redmi Note 14 4G
- Redmi 14C
- Redmi 13 / 13X
- Redmi Pad 2 (4G and Wi-Fi)
- POCO F6 Pro
- POCO X6 Pro
- POCO M7
- POCO M6
- POCO C75


