Integer Overflow Vulnerability in MediaTek Product
CVE-2025-20767

7.8HIGH

Key Information:

Vendor: MediaTek
Status: Mt2718, Mt6739, Mt6761, Mt6765, Mt6768, Mt6781, Mt6789, Mt6833, Mt6835, Mt6853, Mt6855, Mt6877, Mt6878, Mt6879, Mt6883, Mt6885, Mt6886, Mt6889, Mt6893, Mt6895, Mt6897, Mt6899, Mt6983, Mt6985, Mt6989, Mt6991, Mt8196, Mt8676, Mt8678, Mt8792, Mt8793
Vendor: CVE Published:; 2 December 2025

What is CVE-2025-20767?

An integer overflow vulnerability exists in MediaTek Display Solutions that could allow a local attacker to escalate privileges. This happens due to a flaw in the handling of display processes, which permits out-of-bounds writes. A malicious actor, having already gained System privileges, can exploit this vulnerability without needing any user interaction. MediaTek has issued a patch (ID: ALPS10196993) to address this critical issue, and it is recommended that users update their systems promptly to mitigate potential risks.

Affected Version(s)

MT2718, MT6739, MT6761, MT6765, MT6768, MT6781, MT6789, MT6833, MT6835, MT6853, MT6855, MT6877, MT6878, MT6879, MT6883, MT6885, MT6886, MT6889, MT6893, MT6895, MT6897, MT6899, MT6983, MT6985, MT6989, MT6991, MT8196, MT8676, MT8678, MT8792, MT8793 Android 14.0, 15.0, 16.0

References

https://corp.mediatek.com/product-security-bulletin/Decem...

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 2, 2025
Vulnerability Reserved
Nov 1, 2024

JSON