MediaTek has launched a complete safety bulletin addressing 16 important vulnerabilities throughout its intensive chipset portfolio, affecting units from smartphones to IoT platforms.
The replace, evaluated utilizing the Frequent Vulnerability Scoring System model 3.1 (CVSS v3.1), contains seven high-severity and 9 medium-severity vulnerabilities that influence Bluetooth, WLAN, and varied system elements.
System OEMs acquired notifications and corresponding safety patches at the least two months previous to this publication, making certain sufficient preparation time for implementation throughout affected {hardware} platforms.
Key Takeaways1. 16 Vulnerabilities Mounted: MediaTek patched 7 high-severity and 9 medium-severity safety flaws utilizing CVSS v3.1 analysis.2. Impacts smartphones, tablets, IoT units, sensible shows, and TV chipsets throughout MediaTek’s product vary.3. Excessive-severity points allow privilege escalation, distant code execution, and system compromise with out person interplay.4. Medium-severity flaws trigger data disclosure and potential system crashes by way of driver vulnerabilities.
Excessive-Severity Vulnerabilities
The safety bulletin identifies seven high-severity vulnerabilities (CVE-2025-20680 by way of CVE-2025-20686) that pose vital threats to system integrity.
CVE-2025-20680 represents a heap overflow vulnerability in Bluetooth drivers affecting chipsets MT7902, MT7920, MT7921, MT7922, MT7925, and MT7927, categorised beneath CWE-122 (Heap Overflow) with potential for native escalation of privilege (EoP).
This vulnerability stems from incorrect bounds checking in NB SDK launch 3.6 and earlier variations.
A number of WLAN AP driver vulnerabilities (CVE-2025-20681 by way of CVE-2025-20684) exhibit out-of-bounds write situations categorised as CWE-787, affecting chipsets together with MT6890, MT7615, MT7622, MT7663, MT7915, MT7916, MT7981, and MT7986.
These vulnerabilities allow native privilege escalation with person execution privileges, requiring no person interplay for exploitation.
Essentially the most regarding threats are CVE-2025-20685 and CVE-2025-20686, which allow distant code execution (RCE) by way of heap overflow situations in WLAN AP drivers, doubtlessly permitting attackers to execute arbitrary code with out extra privileges.
Medium-Severity Points
9 medium-severity vulnerabilities (CVE-2025-20687 by way of CVE-2025-20695) primarily deal with data disclosure (ID) and denial of service (DoS) assault vectors.
CVE-2025-20687 impacts Bluetooth drivers with out-of-bounds learn situations (CWE-125), resulting in native denial of service on affected chipsets.
A number of WLAN vulnerabilities (CVE-2025-20688 by way of CVE-2025-20693) exhibit related out-of-bounds learn patterns, enabling data disclosure assaults throughout quite a few chipsets, together with MT6835, MT6878, MT6886, MT6897, MT6899, MT6985, MT6989, MT6990, MT6991, and varied MT7000 sequence processors.
Buffer underflow vulnerabilities (CVE-2025-20694 and CVE-2025-20695) in Bluetooth firmware current system crash dangers categorised as CWE-124, affecting intensive chipset ranges together with MT2718, MT6639, MT6653, MT8113, MT8115, MT8127, MT8163, MT8168, MT8169, MT8173, MT8183, MT8186, MT8188, MT8195, MT8196, MT8370, MT8390, MT8391, MT8395, MT8512, MT8516, MT8519, MT8676, MT8678, MT8695, MT8696, MT8698, MT8786, MT8792, MT8796, and MT8893.
CVETitleVulnerability TypeSeverityCVE-2025-20680Heap overflow in BluetoothElevation of PrivilegeHighCVE-2025-20681Out-of-bounds write in wlanElevation of PrivilegeHighCVE-2025-20682Out-of-bounds write in wlanElevation of PrivilegeHighCVE-2025-20683Out-of-bounds write in wlanElevation of PrivilegeHighCVE-2025-20684Out-of-bounds write in wlanElevation of PrivilegeHighCVE-2025-20685Heap overflow in wlanRCEHighCVE-2025-20686Heap overflow in wlanRCEHighCVE-2025-20687Out-of-bounds learn in BluetoothDenial of ServiceMediumCVE-2025-20688Out-of-bounds learn in wlanInformation DisclosureMediumCVE-2025-20689Out-of-bounds learn in wlanInformation DisclosureMediumCVE-2025-20690Out-of-bounds learn in wlanInformation DisclosureMediumCVE-2025-20691Out-of-bounds learn in wlanInformation DisclosureMediumCVE-2025-20692Out-of-bounds learn in wlanInformation DisclosureMediumCVE-2025-20693Out-of-bounds learn in wlanInformation DisclosureMediumCVE-2025-20694Buffer underflow in BluetoothDenial of ServiceMediumCVE-2025-20695Buffer underflow in BluetoothDenial of ServiceMedium
Mitigation Methods
The safety replace addresses vulnerabilities throughout MediaTek’s various product ecosystem, spanning smartphone chipsets, pill processors, AIoT units, sensible shows, OTT platforms, pc imaginative and prescient options, audio processing models, and tv chipsets.
Affected software program variations embody Android 13.0, 14.0, 15.0, varied SDK releases as much as 7.6.7.2, openWRT 19.07, 21.02, 23.05, and Yocto 4.0 distributions.
System producers should prioritize implementing these safety patches to mitigate potential exploitation dangers and keep system integrity throughout their product portfolios.
Examine dwell malware conduct, hint each step of an assault, and make sooner, smarter safety selections -> Attempt ANY.RUN now
