Out of Bounds Write Vulnerability in MediaTek Devices
CVE-2025-20696

6.8MEDIUM

Key Information:

Vendor

MediaTek
Status
Mt6739, Mt6761, Mt6765, Mt6768, Mt6781, Mt6789, Mt6813, Mt6833, Mt6835, Mt6853, Mt6855, Mt6877, Mt6878, Mt6879, Mt6883, Mt6885, Mt6886, Mt6889, Mt6893, Mt6895, Mt6897, Mt6899, Mt6983, Mt6985, Mt6989, Mt6990, Mt6991, Mt8188, Mt8196, Mt8370, Mt8390, Mt8676
Vendor
CVE Published:
4 August 2025

What is CVE-2025-20696?

A potential out of bounds write issue has been identified in MediaTek devices due to the absence of a proper bounds check. This vulnerability allows for local escalation of privilege if an attacker has physical access to the affected device, requiring no additional execution privileges. Exploitation necessitates user interaction, emphasizing the importance of device security protocols. Ensure your MediaTek devices are updated and secured to mitigate this risk.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

MT6739, MT6761, MT6765, MT6768, MT6781, MT6789, MT6813, MT6833, MT6835, MT6853, MT6855, MT6877, MT6878, MT6879, MT6883, MT6885, MT6886, MT6889, MT6893, MT6895, MT6897, MT6899, MT6983, MT6985, MT6989, MT6990, MT6991, MT8188, MT8196, MT8370, MT8390, MT8676 Android 13.0, 14.0, 15.0 / openWRT 21.02, 23.05 / Yocto 4.0 / RDK-B 24Q1 / Zephyr 3.7.0

References

https://corp.mediatek.com/product-security-bulletin/Augus...

CVSS V3.1

Score:
6.8
Severity:
MEDIUM
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Physical
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

JSON
.