Out of Bounds Write Vulnerability in MediaTek's dpe Component
CVE-2025-20807

Currently unrated

Key Information:

Vendor

MediaTek
Status
Mt6899, Mt6991, Mt8793
Vendor
CVE Published:
6 January 2026

What is CVE-2025-20807?

The dpe component in MediaTek systems contains a vulnerability that allows for an out of bounds write stemming from an integer overflow. This imperfection can be exploited by a malicious actor who has already gained System privileges, leading to local privilege escalation without the need for user interaction. Users are urged to apply patch ID ALPS10114841 to mitigate this issue.

Affected Version(s)

MT6899, MT6991, MT8793 Android 16.0

References

https://corp.mediatek.com/product-security-bulletin/Janua...

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.
CVE-2025-20807 : Out of Bounds Write Vulnerability in MediaTek's dpe Component