Out of Bounds Write Vulnerability in MediaTek's SCP
CVE-2025-20668

7.8HIGH

Key Information:

Vendor: MediaTek
Status: Mt6878, Mt6897, Mt6899, Mt6989, Mt6991, Mt8775, Mt8796
Vendor: CVE Published:; 5 May 2025

What is CVE-2025-20668?

A security flaw exists in MediaTek's SCP that enables out of bounds write due to missing bounds checks. This vulnerability can allow a malicious actor, who has gained system privileges, to escalate their access without requiring user interaction. The issue is addressed in patch ID ALPS09625562. For more details, refer to MediaTek's product security bulletin.

Affected Version(s)

MT6878, MT6897, MT6899, MT6989, MT6991, MT8775, MT8796 Android 14.0, 15.0

References

https://corp.mediatek.com/product-security-bulletin/May-2025

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
May 5, 2025
Vulnerability Reserved
Nov 1, 2024