Information Disclosure Vulnerability in MediaTek Bluetooth Stack
CVE-2025-20649

6.5MEDIUM

Key Information:

Vendor: MediaTek
Status: Mt6880, Mt6890, Mt6980, Mt6990, Mt7663, Mt7902, Mt7925, Mt7927, Mt7961
Vendor: CVE Published:; 3 March 2025

Summary

An information disclosure vulnerability has been identified in the MediaTek Bluetooth Stack due to a missing permission check. This issue allows for potential remote exploitation by adjacent attackers, enabling them to access sensitive information without requiring user interaction or additional execution privileges. The vulnerability poses a risk to users of the affected Bluetooth Stack SW versions.

Affected Version(s)

MT6880, MT6890, MT6980, MT6990, MT7663, MT7902, MT7925, MT7927, MT7961 SDK release 3.6 and before / openWRT 23.05

References

https://corp.mediatek.com/product-security-bulletin/March...

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Mar 3, 2025
Vulnerability Reserved
Nov 1, 2024