Skip to content
  • Blog Home
  • Cyber Map
  • About Us – Contact
  • Disclaimer
  • Terms and Rules
  • Privacy Policy
Cyber Web Spider Blog – News

Cyber Web Spider Blog – News

Globe Threat Map provides a real-time, interactive 3D visualization of global cyber threats. Monitor DDoS attacks, malware, and hacking attempts with geo-located arcs on a rotating globe. Stay informed with live logs and archive stats.

  • Home
  • Cyber Map
  • Cyber Security News
  • Security Week News
  • The Hacker News
  • How To?
  • Toggle search form

MediaTek July 2025 Security Update Patches Vulnerabilities Affecting a Wide Range of Their Chipsets

Posted on July 8, 2025July 8, 2025 By CWS

MediaTek has launched a complete safety bulletin addressing 16 important vulnerabilities throughout its intensive chipset portfolio, affecting units from smartphones to IoT platforms. 

The replace, evaluated utilizing the Frequent Vulnerability Scoring System model 3.1 (CVSS v3.1), contains seven high-severity and 9 medium-severity vulnerabilities that influence Bluetooth, WLAN, and varied system elements. 

System OEMs acquired notifications and corresponding safety patches at the least two months previous to this publication, making certain sufficient preparation time for implementation throughout affected {hardware} platforms.

Key Takeaways1. 16 Vulnerabilities Mounted: MediaTek patched 7 high-severity and 9 medium-severity safety flaws utilizing CVSS v3.1 analysis.2. Impacts smartphones, tablets, IoT units, sensible shows, and TV chipsets throughout MediaTek’s product vary.3. Excessive-severity points allow privilege escalation, distant code execution, and system compromise with out person interplay.4. Medium-severity flaws trigger data disclosure and potential system crashes by way of driver vulnerabilities.

Excessive-Severity Vulnerabilities 

The safety bulletin identifies seven high-severity vulnerabilities (CVE-2025-20680 by way of CVE-2025-20686) that pose vital threats to system integrity. 

CVE-2025-20680 represents a heap overflow vulnerability in Bluetooth drivers affecting chipsets MT7902, MT7920, MT7921, MT7922, MT7925, and MT7927, categorised beneath CWE-122 (Heap Overflow) with potential for native escalation of privilege (EoP). 

This vulnerability stems from incorrect bounds checking in NB SDK launch 3.6 and earlier variations.

A number of WLAN AP driver vulnerabilities (CVE-2025-20681 by way of CVE-2025-20684) exhibit out-of-bounds write situations categorised as CWE-787, affecting chipsets together with MT6890, MT7615, MT7622, MT7663, MT7915, MT7916, MT7981, and MT7986. 

These vulnerabilities allow native privilege escalation with person execution privileges, requiring no person interplay for exploitation. 

Essentially the most regarding threats are CVE-2025-20685 and CVE-2025-20686, which allow distant code execution (RCE) by way of heap overflow situations in WLAN AP drivers, doubtlessly permitting attackers to execute arbitrary code with out extra privileges.

Medium-Severity Points 

9 medium-severity vulnerabilities (CVE-2025-20687 by way of CVE-2025-20695) primarily deal with data disclosure (ID) and denial of service (DoS) assault vectors. 

CVE-2025-20687 impacts Bluetooth drivers with out-of-bounds learn situations (CWE-125), resulting in native denial of service on affected chipsets. 

A number of WLAN vulnerabilities (CVE-2025-20688 by way of CVE-2025-20693) exhibit related out-of-bounds learn patterns, enabling data disclosure assaults throughout quite a few chipsets, together with MT6835, MT6878, MT6886, MT6897, MT6899, MT6985, MT6989, MT6990, MT6991, and varied MT7000 sequence processors.

Buffer underflow vulnerabilities (CVE-2025-20694 and CVE-2025-20695) in Bluetooth firmware current system crash dangers categorised as CWE-124, affecting intensive chipset ranges together with MT2718, MT6639, MT6653, MT8113, MT8115, MT8127, MT8163, MT8168, MT8169, MT8173, MT8183, MT8186, MT8188, MT8195, MT8196, MT8370, MT8390, MT8391, MT8395, MT8512, MT8516, MT8519, MT8676, MT8678, MT8695, MT8696, MT8698, MT8786, MT8792, MT8796, and MT8893.

CVETitleVulnerability TypeSeverityCVE-2025-20680Heap overflow in BluetoothElevation of PrivilegeHighCVE-2025-20681Out-of-bounds write in wlanElevation of PrivilegeHighCVE-2025-20682Out-of-bounds write in wlanElevation of PrivilegeHighCVE-2025-20683Out-of-bounds write in wlanElevation of PrivilegeHighCVE-2025-20684Out-of-bounds write in wlanElevation of PrivilegeHighCVE-2025-20685Heap overflow in wlanRCEHighCVE-2025-20686Heap overflow in wlanRCEHighCVE-2025-20687Out-of-bounds learn in BluetoothDenial of ServiceMediumCVE-2025-20688Out-of-bounds learn in wlanInformation DisclosureMediumCVE-2025-20689Out-of-bounds learn in wlanInformation DisclosureMediumCVE-2025-20690Out-of-bounds learn in wlanInformation DisclosureMediumCVE-2025-20691Out-of-bounds learn in wlanInformation DisclosureMediumCVE-2025-20692Out-of-bounds learn in wlanInformation DisclosureMediumCVE-2025-20693Out-of-bounds learn in wlanInformation DisclosureMediumCVE-2025-20694Buffer underflow in BluetoothDenial of ServiceMediumCVE-2025-20695Buffer underflow in BluetoothDenial of ServiceMedium

Mitigation Methods

The safety replace addresses vulnerabilities throughout MediaTek’s various product ecosystem, spanning smartphone chipsets, pill processors, AIoT units, sensible shows, OTT platforms, pc imaginative and prescient options, audio processing models, and tv chipsets. 

Affected software program variations embody Android 13.0, 14.0, 15.0, varied SDK releases as much as 7.6.7.2, openWRT 19.07, 21.02, 23.05, and Yocto 4.0 distributions. 

System producers should prioritize implementing these safety patches to mitigate potential exploitation dangers and keep system integrity throughout their product portfolios.

Examine dwell malware conduct, hint each step of an assault, and make sooner, smarter safety selections -> Attempt ANY.RUN now 

Cyber Security News Tags:Affecting, Chipsets, July, MediaTek, Patches, Range, Security, Update, Vulnerabilities, Wide

Post navigation

Previous Post: Ivanti Endpoint Manager Mobile Vulnerabilities Allow Attackers to Decrypt Other Users’ Passwords
Next Post: Microsoft Patch Tuesday July 2025: 130 Vulnerabilities Fixed Including 41 RCE

Related Posts

How to Stay Ahead of Vulnerabilities Cyber Security News
Russian Hackers Leverage Oracle Cloud Infrastructure to Scaleway Object Storage Cyber Security News
Hackers use Fake Cloudflare Verification Screen to Trick Users into Executing Malware Cyber Security News
Writable File in Lenovo’s Windows Directory Enables a Stealthy AppLocker Bypass Cyber Security News
Microsoft Outlook’s New Two-Click View for Encrypted Emails Protects From Accidental Exposure Cyber Security News
Threat Actors Abuse Windows Run Prompt to Execute Malicious Command and Deploy DeerStealer Cyber Security News

Categories

  • Cyber Security News
  • How To?
  • Security Week News
  • The Hacker News

Recent Posts

  • How to Manage Security Patches in Organizations
  • Gold Melody IAB Exploits Exposed ASP.NET Machine Keys for Unauthorized Access to Targets
  • Top 5 Remote-Access And RMM Tools Most Abused By Threat Actors 
  • Reflectiz Now Available on the Datadog Marketplace
  • Microsoft Patches Wormable RCE Vulnerability in Windows and Windows Server

Pages

  • About Us – Contact
  • Disclaimer
  • Privacy Policy
  • Terms and Rules

Archives

  • July 2025
  • June 2025
  • May 2025

Recent Posts

  • How to Manage Security Patches in Organizations
  • Gold Melody IAB Exploits Exposed ASP.NET Machine Keys for Unauthorized Access to Targets
  • Top 5 Remote-Access And RMM Tools Most Abused By Threat Actors 
  • Reflectiz Now Available on the Datadog Marketplace
  • Microsoft Patches Wormable RCE Vulnerability in Windows and Windows Server

Pages

  • About Us – Contact
  • Disclaimer
  • Privacy Policy
  • Terms and Rules

Categories

  • Cyber Security News
  • How To?
  • Security Week News
  • The Hacker News