Out of Bounds Write Vulnerability in MediaTek Devices
CVE-2025-20696

6.8MEDIUM

Key Information:

Vendor: MediaTek
Status: Mt6739, Mt6761, Mt6765, Mt6768, Mt6781, Mt6789, Mt6813, Mt6833, Mt6835, Mt6853, Mt6855, Mt6877, Mt6878, Mt6879, Mt6883, Mt6885, Mt6886, Mt6889, Mt6893, Mt6895, Mt6897, Mt6899, Mt6983, Mt6985, Mt6989, Mt6990, Mt6991, Mt8188, Mt8196, Mt8370, Mt8390, Mt8676
Vendor: CVE Published:; 4 August 2025

What is CVE-2025-20696?

A potential out of bounds write issue has been identified in MediaTek devices due to the absence of a proper bounds check. This vulnerability allows for local escalation of privilege if an attacker has physical access to the affected device, requiring no additional execution privileges. Exploitation necessitates user interaction, emphasizing the importance of device security protocols. Ensure your MediaTek devices are updated and secured to mitigate this risk.

Affected Version(s)

MT6739, MT6761, MT6765, MT6768, MT6781, MT6789, MT6813, MT6833, MT6835, MT6853, MT6855, MT6877, MT6878, MT6879, MT6883, MT6885, MT6886, MT6889, MT6893, MT6895, MT6897, MT6899, MT6983, MT6985, MT6989, MT6990, MT6991, MT8188, MT8196, MT8370, MT8390, MT8676 Android 13.0, 14.0, 15.0 / openWRT 21.02, 23.05 / Yocto 4.0 / RDK-B 24Q1 / Zephyr 3.7.0

References

https://corp.mediatek.com/product-security-bulletin/Augus...

CVSS V3.1

Score:

6.8

Severity:

MEDIUM

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Physical

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 4, 2025