Out of Bounds Write Vulnerability in MediaTek Thermal Software
CVE-2025-20671

7HIGH

Key Information:

Vendor: MediaTek
Status: Mt2718, Mt6878, Mt6897, Mt6899, Mt6989, Mt6991, Mt8196, Mt8391, Mt8676, Mt8678
Vendor: CVE Published:; 5 May 2025

What is CVE-2025-20671?

The vulnerability in MediaTek's thermal software is caused by a race condition, potentially allowing an out of bounds write. A malicious actor with system privileges could exploit this weakness to escalate their privileges without user interaction. A patch has been issued to address the issue, denoted by Patch ID: ALPS09698599 and Issue ID: MSV-3228. Organizations using MediaTek products should apply the available patches to mitigate risk.

Affected Version(s)

MT2718, MT6878, MT6897, MT6899, MT6989, MT6991, MT8196, MT8391, MT8676, MT8678 Android 14.0, 15.0

References

https://corp.mediatek.com/product-security-bulletin/May-2025

CVSS V3.1

Score:

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

High

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 5, 2025
Vulnerability Reserved
Nov 1, 2024