Out of Bounds Read Vulnerability in MediaTek Products
CVE-2025-20651

4.1MEDIUM

Key Information:

Vendor

MediaTek
Status
Mt2737, Mt6781, Mt6789, Mt6835, Mt6855, Mt6878, Mt6879, Mt6880, Mt6886, Mt6890, Mt6895, Mt6897, Mt6980, Mt6983, Mt6985, Mt6989, Mt6990, Mt8370, Mt8390, Mt8676, Mt8678
Vendor
CVE Published:
3 March 2025

What is CVE-2025-20651?

An out of bounds read vulnerability exists in MediaTek devices due to a missing bounds check. This flaw may allow an attacker with physical access to the device to disclose sensitive information, while requiring user interaction for successful exploitation. It highlights the crucial need for secure device management practices to mitigate potential risks.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

MT2737, MT6781, MT6789, MT6835, MT6855, MT6878, MT6879, MT6880, MT6886, MT6890, MT6895, MT6897, MT6980, MT6983, MT6985, MT6989, MT6990, MT8370, MT8390, MT8676, MT8678 Android 13.0, 14.0, 15.0 / openWRT 21.02, 23.05 / Yocto 4.0 / RDK-B 22Q3, 24Q1

References

https://corp.mediatek.com/product-security-bulletin/March...

CVSS V3.1

Score:
4.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Physical
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.