Several critical security vulnerabilities affecting MediaTek smartphones, tablets, and IoT chipsets could allow attackers to escalate privileges and compromise system security without requiring any user interaction.
The Taiwan-based chipset manufacturer published its June 2025 Product Security Bulletin, revealing seven Common Vulnerabilities and Exposures (CVEs) with severity ratings from high to medium, according to CVSS v3.1.
Device manufacturers were notified of these security flaws and provided with corresponding patches at least two months prior to public disclosure.
High-Severity Bluetooth Vulnerability
The most severe vulnerability identified is CVE-2025-20672, classified as a high-severity Elevation of Privilege (EoP) flaw affecting Bluetooth drivers across multiple MediaTek chipsets.
This vulnerability stems from a heap overflow condition categorized under CWE-122 (Heap Overflow), where an incorrect bounds check in the Bluetooth driver creates the possibility of out-of-bounds write operations.
The flaw allows attackers to achieve local privilege escalation with only user execution privileges required, making it particularly dangerous since no user interaction is necessary for successful exploitation.
The affected chipsets include MT7902, MT7921, MT7922, MT7925, and MT7927, all running NB SDK release 3.6 and earlier versions.
This vulnerability was discovered through external security research, highlighting the importance of third-party security assessments in identifying critical flaws.
Medium-Severity WLAN and Network Issues
Five medium-severity vulnerabilities were identified across WLAN and network services, presenting various attack vectors for malicious actors.
CVE-2025-20673, CVE-2025-20675, and CVE-2025-20676 all involve NULL pointer dereference issues classified under CWE-476, affecting WLAN STA drivers on the same chipset family as the Bluetooth vulnerability, according to the MediaTek advisory.
These Denial of Service (DoS) vulnerabilities could lead to system crashes due to uncaught exceptions, requiring user execution privileges but no user interaction.
CVE-2025-20674 presents a particularly concerning remote attack vector through incorrect authorization in WLAN AP drivers, categorized under CWE-863 (Incorrect Authorization).
This vulnerability affects a broader range of chipsets, including MT6890, MT6990, MT7915, MT7916, MT7981, MT7986, MT7990, MT7992, and MT7993, potentially allowing attackers to inject arbitrary packets due to missing permission checks.
The vulnerability enables remote privilege escalation without additional execution privileges, affecting devices running SDK release 7.6.7.2 and earlier, as well as specific OpenWrt versions.
CVE-2025-20677 affects Bluetooth drivers with another NULL pointer dereference issue, while CVE-2025-20678 involves uncontrolled recursion in IMS services, classified under CWE-674 (Uncontrolled Recursion).
The scope of these vulnerabilities extends far beyond individual devices, with CVE-2025-20678 alone affecting over 80 different MediaTek chipsets spanning the MT6739 to MT8893 series.
This extensive chipset coverage includes popular smartphone processors, tablet chipsets, and IoT-focused silicon used across numerous device categories, including Smart TVs, Computer Vision systems, and Audio platforms.
The IMS service vulnerability is particularly concerning because it enables remote denial-of-service attacks when a device connects to a rogue base station controlled by an attacker, requiring no additional execution privileges or user interaction.
Affected software versions include Modem LR12A, LR13, NR15, NR16, NR17, and NR17R, indicating the vulnerability spans multiple generations of MediaTek's modem implementations.
Device manufacturers and users must prioritize applying available security patches to mitigate these vulnerabilities, particularly given their potential for exploitation without user awareness or interaction.
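As an added example (not part of the original article or MediaTek's bulletin), the following Python code triages a device inventory against the chipset lists and SDK release ceilings quoted above. The inventory record layout and the assumption that SDK releases are dotted integers are illustrative; where the article names the chipsets but not the affected release range, the result is "verify" rather than "affected".

```python
# Added example: advisory data is transcribed from the article above.
# Assumptions: SDK releases are dotted integers; inventory rows are (host, chipset, sdk).
NB_CHIPS = {"MT7902", "MT7921", "MT7922", "MT7925", "MT7927"}
AP_CHIPS = {"MT6890", "MT6990", "MT7915", "MT7916", "MT7981",
            "MT7986", "MT7990", "MT7992", "MT7993"}
# (CVE, affected chipsets, highest affected SDK release or None if not stated here)
ADVISORY = [
    ("CVE-2025-20672", NB_CHIPS, "3.6"),      # Bluetooth heap overflow, NB SDK
    ("CVE-2025-20673", NB_CHIPS, None),       # WLAN STA NULL pointer dereference
    ("CVE-2025-20675", NB_CHIPS, None),
    ("CVE-2025-20676", NB_CHIPS, None),
    ("CVE-2025-20674", AP_CHIPS, "7.6.7.2"),  # WLAN AP incorrect authorization
]

def parse_version(text):
    """Return a tuple of ints for '7.6.7.2', or None if the string is not dotted integers."""
    try:
        return tuple(int(part) for part in text.strip().split("."))
    except ValueError:
        return None

def at_or_below(version, ceiling):
    """Numeric 'version <= ceiling', zero-padded so 3.6 == 3.6.0 and 3.10 > 3.6."""
    width = max(len(version), len(ceiling))
    return version + (0,) * (width - len(version)) <= ceiling + (0,) * (width - len(ceiling))

def triage(chipset, sdk_release):
    """Map each matching CVE to 'affected' or 'verify' (check the vendor bulletin)."""
    findings = {}
    version = parse_version(sdk_release)
    for cve, chips, ceiling in ADVISORY:
        if chipset.strip().upper() not in chips:
            continue
        if ceiling is None or version is None:
            findings[cve] = "verify"    # chipset matches, range unknown or unparseable
        elif at_or_below(version, parse_version(ceiling)):
            findings[cve] = "affected"
    return findings

INVENTORY = [("laptop-01", "MT7921", "3.5"), ("laptop-02", "mt7925", "3.10"),
             ("router-01", "MT7986", "7.6.7.2"), ("router-02", "MT7981", "7.6.8")]  # constructed

def report(inventory):
    return {host: triage(chip, sdk) for host, chip, sdk in inventory}

if __name__ == "__main__":
    for host, findings in report(INVENTORY).items():
        print(host, findings or "no match in the article's data")
```

CVE-2025-20677 and CVE-2025-20678 are left out because the article gives no usable chipset list for them, and the OpenWrt versions it mentions for CVE-2025-20674 are unspecified.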