Memory Corruption Vulnerability in Geniezone by MediaTek
CVE-2025-20707

6.7MEDIUM

Key Information:

Vendor: MediaTek
Status: Mt2718, Mt6853, Mt6877, Mt6893, Mt6899, Mt6991, Mt8196, Mt8676, Mt8678, Mt8775, Mt8786, Mt8788e, Mt8791t, Mt8792, Mt8796, Mt8883, Mt8893
Vendor: CVE Published:; 1 September 2025

What is CVE-2025-20707?

In Geniezone, a serious memory corruption vulnerability exists due to the 'use after free' flaw. This allows for possible local escalation of privilege if an attacker has already gained system-level access. Notably, this vulnerability does not require user interaction for exploitation, making it a significant security concern for users.

Affected Version(s)

MT2718, MT6853, MT6877, MT6893, MT6899, MT6991, MT8196, MT8676, MT8678, MT8775, MT8786, MT8788E, MT8791T, MT8792, MT8796, MT8883, MT8893 Android 13.0, 14.0, 15.0

References

https://corp.mediatek.com/product-security-bulletin/Septe...

CVSS V3.1

Score:

6.7

Severity:

MEDIUM

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 1, 2025
Vulnerability Reserved
Nov 1, 2024