Privilege Escalation Vulnerability in MediaTek clkdbg Component
CVE-2025-20743

4.2 MEDIUM

What is CVE-2025-20743?

A use-after-free condition in the clkdbg component of MediaTek products could allow privilege escalation. To exploit it, an attacker must already possess system-level privileges. Successful exploitation could give the attacker unauthorized access or increased privileges on the affected systems. Exploitation does not require user interaction, making it a significant risk. A patch has been released to mitigate this issue. For more information, refer to the official MediaTek security bulletin.

Affected Version(s)

Chipsets: MT2718, MT6761, MT6765, MT6768, MT6781, MT6853, MT6877, MT6886, MT6893, MT6897, MT6899, MT6983, MT6989, MT6991, MT8113, MT8163, MT8168, MT8169, MT8183, MT8186, MT8188, MT8195, MT8196, MT8321, MT8365, MT8385, MT8390, MT8391, MT8512, MT8516, MT8519, MT8676, MT8678, MT8695, MT8696, MT8698, MT8755, MT8766, MT8768, MT8771, MT8775, MT8781, MT8786, MT8788E, MT8791T, MT8792, MT8793, MT8796, MT8797, MT8798, MT8873, MT8883, MT8893

Android versions: 14.0, 15.0, 16.0

CVSS V3.1

Score: 4.2
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Local
Attack Complexity: Low
Privileges Required: High
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
