Out of Bounds Write Vulnerability in Bluetooth Driver by MediaTek
CVE-2025-20672
9.8 CRITICAL
Key Information:
- Vendor: MediaTek
- CVE Published: 2 June 2025
What is CVE-2025-20672?
A vulnerability in the Bluetooth driver allows a possible out-of-bounds write due to an improper bounds check, which may lead to local privilege escalation. Exploitation does not require user interaction, which makes it a serious concern for affected systems. The affected versions are listed below, and the fix is available under patch ID WCNCR00412257. Users of the Bluetooth driver should apply the update to secure their devices.

Affected Version(s)
MT7902, MT7921, MT7922, MT7925, MT7927 NB SDK release 3.6 and before
CVSS V3.1
- Score: 9.8
- Severity: CRITICAL
- Confidentiality: High
- Integrity: High
- Availability: High
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved
