Out of Bounds Write Vulnerability in MediaTek Devices
CVE-2025-20650

6.8MEDIUM

Key Information:

Vendor: MediaTek
Status: Mt2737, Mt6781, Mt6789, Mt6835, Mt6855, Mt6878, Mt6879, Mt6880, Mt6886, Mt6890, Mt6895, Mt6897, Mt6980, Mt6983, Mt6985, Mt6989, Mt6990, Mt8370, Mt8390, Mt8676, Mt8678
Vendor: CVE Published:; 3 March 2025

What is CVE-2025-20650?

This vulnerability in MediaTek devices arises from a missing bounds check, potentially allowing local privilege escalation. An attacker with physical access can exploit this issue, which necessitates user interaction for successful execution. Patching the vulnerability is crucial to safeguard against unauthorized access and maintain device integrity. More information can be found at MediaTek's security bulletin.

Affected Version(s)

MT2737, MT6781, MT6789, MT6835, MT6855, MT6878, MT6879, MT6880, MT6886, MT6890, MT6895, MT6897, MT6980, MT6983, MT6985, MT6989, MT6990, MT8370, MT8390, MT8676, MT8678 Android 13.0, 14.0, 15.0 / openWRT 21.02, 23.05 / Yocto 4.0 / RDK-B 22Q3, 24Q1

References

https://corp.mediatek.com/product-security-bulletin/March...

CVSS V3.1

Score:

6.8

Severity:

MEDIUM

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Physical

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 3, 2025
Vulnerability Reserved
Nov 1, 2024