Local Denial of Service Vulnerability in Mediatek Bluetooth Driver
CVE-2025-20677

5.5MEDIUM

Key Information:

Vendor: MediaTek
Status: Mt7902, Mt7921, Mt7922, Mt7925, Mt7927
Vendor: CVE Published:; 2 June 2025

What is CVE-2025-20677?

A vulnerability exists in the Bluetooth driver developed by Mediatek that could lead to a system crash due to an uncaught exception. This issue allows a local denial of service to occur without requiring user interaction for exploitation. The problem has been associated with specific versions of the driver prior to the application of the patch, which aims to mitigate the risk of this vulnerability affecting user systems. For more information, please refer to the Mediatek security bulletin.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

MT7902, MT7921, MT7922, MT7925, MT7927 NB SDK release 3.6 and before

References

https://corp.mediatek.com/product-security-bulletin/June-...

CVSS V3.1

Score:

5.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jun 2, 2025
Vulnerability Reserved
Nov 1, 2024

JSON

MediaTek

What is CVE-2025-20677?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

Affected Version(s)

References

CVSS V3.1

Timeline

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.