Out of Bounds Read Vulnerability in PlayReady TA by MediaTek
CVE-2025-20660

6.7MEDIUM

Key Information:

Vendor: MediaTek
Status: Mt9972
Vendor: CVE Published:; 7 April 2025

What is CVE-2025-20660?

An out of bounds read vulnerability exists in PlayReady TA due to the absence of a proper bounds check. This loophole allows potential local escalation of privilege, assuming the attacker has already gained System privilege. The exploitation does not require user interaction, making it a significant concern for security. Timely application of patches is essential to mitigate the risks associated with this vulnerability, as noted in the Product Security Bulletin by MediaTek.

Affected Version(s)

MT9972 Android 12.0, 14.0

References

https://corp.mediatek.com/product-security-bulletin/April...

CVSS V3.1

Score:

6.7

Severity:

MEDIUM

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 7, 2025
Vulnerability Reserved
Nov 1, 2024