Main Vulnerability Database SB2025070835

SB2025070835 - Multiple vulnerabilities in MediaTek chipsets

Published: July 8, 2025 Updated: July 18, 2025

Security Bulletin ID SB2025070835

CSH Severity

High

Patch available

YES

Number of vulnerabilities 16

Exploitation vector Remote access

Highest impact Code execution

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 16 vulnerabilities.

1) Out-of-bounds read (CVE-ID: CVE-2025-20689)

CWE-ID: CWE-125 - Out-of-bounds read

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

The vulnerability allows a local application to gain access to sensitive information.

The vulnerability exists due to an incorrect bounds check within wlan. A local application can gain access to sensitive information.

2) Buffer Underwrite ('Buffer Underflow') (CVE-ID: CVE-2025-20695)

CWE-ID: CWE-124 - Buffer Underwrite ('Buffer Underflow')

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear

The vulnerability allows a local application to perform service disruption.

The vulnerability exists due to an uncaught exception within Bluetooth. A local application can perform service disruption.

3) Buffer Underwrite ('Buffer Underflow') (CVE-ID: CVE-2025-20694)

CWE-ID: CWE-124 - Buffer Underwrite ('Buffer Underflow')

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear

The vulnerability allows a local application to perform service disruption.

The vulnerability exists due to an uncaught exception within Bluetooth. A local application can perform service disruption.

4) Out-of-bounds read (CVE-ID: CVE-2025-20693)

CWE-ID: CWE-125 - Out-of-bounds read

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

The vulnerability allows a local application to gain access to sensitive information.

The vulnerability exists due to an incorrect bounds check within wlan. A local application can gain access to sensitive information.

5) Out-of-bounds read (CVE-ID: CVE-2025-20692)

CWE-ID: CWE-125 - Out-of-bounds read

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

The vulnerability allows a local application to gain access to sensitive information.

The vulnerability exists due to an incorrect bounds check within wlan. A local application can gain access to sensitive information.

6) Out-of-bounds read (CVE-ID: CVE-2025-20691)

CWE-ID: CWE-125 - Out-of-bounds read

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

The vulnerability allows a local application to gain access to sensitive information.

The vulnerability exists due to an incorrect bounds check within wlan. A local application can gain access to sensitive information.

7) Out-of-bounds read (CVE-ID: CVE-2025-20690)

CWE-ID: CWE-125 - Out-of-bounds read

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

The vulnerability allows a local application to gain access to sensitive information.

The vulnerability exists due to an incorrect bounds check within wlan. A local application can gain access to sensitive information.

8) Out-of-bounds read (CVE-ID: CVE-2025-20688)

CWE-ID: CWE-125 - Out-of-bounds read

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

The vulnerability allows a local application to gain access to sensitive information.

The vulnerability exists due to an incorrect bounds check within wlan. A local application can gain access to sensitive information.

9) Heap-based Buffer Overflow (CVE-ID: CVE-2025-20680)

CWE-ID: CWE-122 - Heap-based Buffer Overflow

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear

The vulnerability allows a local application to execute arbitrary code.

The vulnerability exists due to an incorrect bounds check within Bluetooth. A local application can execute arbitrary code.

10) Out-of-bounds read (CVE-ID: CVE-2025-20687)

CWE-ID: CWE-125 - Out-of-bounds read

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear

The vulnerability allows a local application to perform service disruption.

The vulnerability exists due to an incorrect bounds check within Bluetooth. A local application can perform service disruption.

11) Heap-based Buffer Overflow (CVE-ID: CVE-2025-20686)

CWE-ID: CWE-122 - Heap-based Buffer Overflow

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber

The vulnerability allows a remote attacker to execute arbitrary code.

The vulnerability exists due to an incorrect bounds check within wlan. A remote attacker can trick the victim to open a specially crafted file and execute arbitrary code.

12) Heap-based Buffer Overflow (CVE-ID: CVE-2025-20685)

CWE-ID: CWE-122 - Heap-based Buffer Overflow

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber

The vulnerability allows a remote attacker to execute arbitrary code.

The vulnerability exists due to an incorrect bounds check within wlan. A remote attacker can trick the victim to open a specially crafted file and execute arbitrary code.

13) Out-of-bounds write (CVE-ID: CVE-2025-20684)

CWE-ID: CWE-787 - Out-of-bounds write

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear

The vulnerability allows a local application to execute arbitrary code.

The vulnerability exists due to an incorrect bounds check within wlan. A local application can execute arbitrary code.

14) Out-of-bounds write (CVE-ID: CVE-2025-20683)

CWE-ID: CWE-787 - Out-of-bounds write

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear

The vulnerability allows a local application to execute arbitrary code.

The vulnerability exists due to an incorrect bounds check within wlan. A local application can execute arbitrary code.

15) Out-of-bounds write (CVE-ID: CVE-2025-20682)

CWE-ID: CWE-787 - Out-of-bounds write

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/U:Clear

The vulnerability allows a local application to execute arbitrary code.

The vulnerability exists due to an incorrect bounds check within wlan. A local application can execute arbitrary code.

16) Out-of-bounds write (CVE-ID: CVE-2025-20681)

CWE-ID: CWE-787 - Out-of-bounds write

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear

The vulnerability allows a local application to execute arbitrary code.

The vulnerability exists due to an incorrect bounds check within wlan. A local application can execute arbitrary code.

Remediation

Install update from vendor's website.

References

https://corp.mediatek.com/product-security-bulletin/July-2025

Vulnerable Software

MT6890: All versions
MT7615: All versions
MT7622: All versions
MT7663: All versions
MT7915: All versions
MT7916: All versions
MT7981: All versions
MT7986: All versions
MT6639: All versions
MT6653: All versions
MT6985: All versions
MT6989: All versions
MT6990: All versions
MT6991: All versions
MT7925: All versions
MT7927: All versions
MT8196: All versions
MT8678: All versions
MT8796: All versions
MT2718: All versions
MT8113: All versions
MT8115: All versions
MT8127: All versions
MT8163: All versions
MT8168: All versions
MT8169: All versions
MT8173: All versions
MT8183: All versions
MT8186: All versions
MT8188: All versions
MT8195: All versions
MT8370: All versions
MT8390: All versions
MT8391: All versions
MT8395: All versions
MT8512: All versions
MT8516: All versions
MT8519: All versions
MT8676: All versions
MT8695: All versions
MT8696: All versions
MT8698: All versions
MT8786: All versions
MT8792: All versions
MT8893: All versions
MT2737: All versions
MT6835: All versions
MT6878: All versions
MT6886: All versions
MT6897: All versions
MT6899: All versions
MT7902: All versions
MT7920: All versions
MT7921: All versions
MT7922: All versions
MT7923: All versions
MT7932: All versions

SB2025070835 - Multiple vulnerabilities in MediaTek chipsets

Breakdown by Severity

Description

Remediation

References

Please verify you're human