Out of Bounds Read Vulnerability in MediaTek Products
CVE-2025-20651

4.1MEDIUM

Key Information:

Vendor: MediaTek
Status: Mt2737, Mt6781, Mt6789, Mt6835, Mt6855, Mt6878, Mt6879, Mt6880, Mt6886, Mt6890, Mt6895, Mt6897, Mt6980, Mt6983, Mt6985, Mt6989, Mt6990, Mt8370, Mt8390, Mt8676, Mt8678
Vendor: CVE Published:; 3 March 2025

What is CVE-2025-20651?

An out of bounds read vulnerability exists in MediaTek devices due to a missing bounds check. This flaw may allow an attacker with physical access to the device to disclose sensitive information, while requiring user interaction for successful exploitation. It highlights the crucial need for secure device management practices to mitigate potential risks.

Affected Version(s)

MT2737, MT6781, MT6789, MT6835, MT6855, MT6878, MT6879, MT6880, MT6886, MT6890, MT6895, MT6897, MT6980, MT6983, MT6985, MT6989, MT6990, MT8370, MT8390, MT8676, MT8678 Android 13.0, 14.0, 15.0 / openWRT 21.02, 23.05 / Yocto 4.0 / RDK-B 22Q3, 24Q1

References

https://corp.mediatek.com/product-security-bulletin/March...

CVSS V3.1

Score:

4.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Physical

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 3, 2025
Vulnerability Reserved
Nov 1, 2024