Out of Bounds Read Vulnerability in MediaTek Products
CVE-2025-20651

4.1 MEDIUM

Summary

An out-of-bounds read vulnerability exists in MediaTek devices due to a missing bounds check. An attacker with physical access to the device may be able to disclose sensitive information; successful exploitation requires user interaction. The flaw underscores the need for secure device management practices to mitigate potential risks.

Affected Version(s)

MT2737, MT6781, MT6789, MT6835, MT6855, MT6878, MT6879, MT6880, MT6886, MT6890, MT6895, MT6897, MT6980, MT6983, MT6985, MT6989, MT6990, MT8370, MT8390, MT8676, MT8678

Android 13.0, 14.0, 15.0 / openWRT 21.02, 23.05 / Yocto 4.0 / RDK-B 22Q3, 24Q1

CVSS V3.1

Score: 4.1
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Physical
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
