Out of Bounds Write Vulnerability in MediaTek's mmdvfs Product
CVE-2025-20763

7.8 HIGH

What is CVE-2025-20763?

A missing bounds check in MediaTek's mmdvfs component can result in an out-of-bounds write. A malicious actor who already holds System privileges can use the flaw to escalate their access level, and no user interaction is required. The issue is tracked under Patch ID ALPS10267218 and Issue ID MSV-5032; timely patching mitigates the risk.

Affected Version(s)

MT6833, MT6835, MT6853, MT6855, MT6877, MT6878, MT6879, MT6883, MT6885, MT6886, MT6889, MT6893, MT6895, MT6897, MT6899, MT6983, MT6985, MT6989, MT6991, MT8196, MT8676, MT8678, MT8792, MT8793, MT8796, MT8873, MT8893

Android 14.0, 15.0, 16.0

CVSS V3.1

Score: 7.8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
