Out of Bounds Write Vulnerability in MediaTek Devices
CVE-2025-20650
6.8 MEDIUM
Key Information:
- Vendor: MediaTek
- CVE Published: 3 March 2025
Summary
This vulnerability in MediaTek devices arises from a missing bounds check, potentially allowing local privilege escalation. An attacker with physical access can exploit this issue, which necessitates user interaction for successful execution. Patching the vulnerability is crucial to safeguard against unauthorized access and maintain device integrity. More information can be found at MediaTek's security bulletin.
Affected Version(s)
MT2737, MT6781, MT6789, MT6835, MT6855, MT6878, MT6879, MT6880, MT6886, MT6890, MT6895, MT6897, MT6980, MT6983, MT6985, MT6989, MT6990, MT8370, MT8390, MT8676, MT8678
Android 13.0, 14.0, 15.0 / openWRT 21.02, 23.05 / Yocto 4.0 / RDK-B 22Q3, 24Q1
CVSS V3.1
Score: 6.8
Severity: MEDIUM
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Physical
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved