Out of Bounds Write Vulnerability in MediaTek's mmdvfs Product
CVE-2025-20763

7.8HIGH

Key Information:

Vendor

MediaTek
Status
Mt6833, Mt6835, Mt6853, Mt6855, Mt6877, Mt6878, Mt6879, Mt6883, Mt6885, Mt6886, Mt6889, Mt6893, Mt6895, Mt6897, Mt6899, Mt6983, Mt6985, Mt6989, Mt6991, Mt8196, Mt8676, Mt8678, Mt8792, Mt8793, Mt8796, Mt8873, Mt8893
Vendor
CVE Published:
2 December 2025

What is CVE-2025-20763?

A vulnerability in MediaTek's mmdvfs component has been identified, where a missing bounds check can result in an out of bounds write. This security flaw allows a malicious actor with existing System privileges to escalate their access level without requiring user interaction. The issue has been documented under Patch ID ALPS10267218 and Issue ID MSV-5032, highlighting the significance of timely patching to mitigate potential risks.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

MT6833, MT6835, MT6853, MT6855, MT6877, MT6878, MT6879, MT6883, MT6885, MT6886, MT6889, MT6893, MT6895, MT6897, MT6899, MT6983, MT6985, MT6989, MT6991, MT8196, MT8676, MT8678, MT8792, MT8793, MT8796, MT8873, MT8893 Android 14.0, 15.0, 16.0

References

https://corp.mediatek.com/product-security-bulletin/Decem...

CVSS V3.1

Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.