Out-of-Bounds Read Vulnerability in PlayReady by MediaTek
CVE-2025-20662

6.7MEDIUM

Key Information:

Vendor: MediaTek
Status: Mt9972
Vendor: CVE Published:; 7 April 2025

Summary

A vulnerability exists in PlayReady TA where a lack of proper bounds checking opens the door to an out-of-bounds read. This flaw allows an attacker, who has already gained System privileges, to potentially escalate their privileges without any user interaction. Mitigation through patches is essential to ensure continued security, particularly for systems utilizing PlayReady technology.

Affected Version(s)

MT9972 Android 12.0, 14.0

References

https://corp.mediatek.com/product-security-bulletin/April...

CVSS V3.1

Score:

6.7

Severity:

MEDIUM

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Apr 7, 2025
Vulnerability Reserved
Nov 1, 2024