Out of Bounds Read Vulnerability in Mediatek GNSS Driver
CVE-2025-20722

Currently unrated

Key Information:

Vendor: MediaTek
Status: Mt6835, Mt6878, Mt6886, Mt6897, Mt6899, Mt6980d, Mt6985, Mt6989, Mt6990, Mt6991, Mt8676, Mt8678, Mt8775, Mt8791t, Mt8796, Mt8873
Vendor: CVE Published:; 14 October 2025

What is CVE-2025-20722?

The GNSS driver developed by Mediatek contains a significant out of bounds read vulnerability attributed to an integer overflow. By exploiting this flaw, an attacker with system privileges may gain access to sensitive local information without requiring any user interaction. This vulnerability, linked to patch ID ALPS09920036, underscores the importance of timely software updates to mitigate potential exploitation.

Affected Version(s)

MT6835, MT6878, MT6886, MT6897, MT6899, MT6980D, MT6985, MT6989, MT6990, MT6991, MT8676, MT8678, MT8775, MT8791T, MT8796, MT8873 Android 14.0, 15.0 / openWRT 21.02, 23.05 / RDKB 24Q1

References

https://corp.mediatek.com/product-security-bulletin/Octob...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 14, 2025
Vulnerability Reserved
Nov 1, 2024

JSON

MediaTek

What is CVE-2025-20722?

Affected Version(s)

References

Timeline