Out of Bounds Write Vulnerability in MediaTek Devices
CVE-2025-20650

6.8 MEDIUM

Summary

This out-of-bounds write vulnerability in MediaTek devices arises from a missing bounds check and can potentially allow local privilege escalation. An attacker with physical access can exploit this issue, which necessitates user interaction for successful execution. Patching the vulnerability is crucial to safeguard against unauthorized access and maintain device integrity. More information can be found in MediaTek's security bulletin.

Affected Version(s)

MT2737, MT6781, MT6789, MT6835, MT6855, MT6878, MT6879, MT6880, MT6886, MT6890, MT6895, MT6897, MT6980, MT6983, MT6985, MT6989, MT6990, MT8370, MT8390, MT8676, MT8678

Android 13.0, 14.0, 15.0 / openWRT 21.02, 23.05 / Yocto 4.0 / RDK-B 22Q3, 24Q1

CVSS V3.1

Score: 6.8
Severity: MEDIUM
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Physical
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved