Main Vulnerability Database SB2025100848

SB2025100848 - Multiple vulnerabilities in MediaTek chipsets

Published: October 8, 2025

Security Bulletin ID SB2025100848

CSH Severity

Low

Patch available

YES

Number of vulnerabilities 16

Exploitation vector Local access

Highest impact Code execution

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 16 vulnerabilities.

1) Stack-based buffer overflow (CVE-ID: CVE-2025-20714)

CWE-ID: CWE-121 - Stack-based buffer overflow

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear

The vulnerability allows a local application to perform service disruption.

The vulnerability exists due to an incorrect bounds check within wlan. A local application can perform service disruption.

2) Out-of-bounds read (CVE-ID: CVE-2025-20724)

CWE-ID: CWE-125 - Out-of-bounds read

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

The vulnerability allows a local application to gain access to sensitive information.

The vulnerability exists due to an incorrect bounds check within wlan. A local application can gain access to sensitive information.

3) Stack-based buffer overflow (CVE-ID: CVE-2025-20717)

CWE-ID: CWE-121 - Stack-based buffer overflow

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear

The vulnerability allows a local application to perform service disruption.

The vulnerability exists due to an incorrect bounds check within wlan. A local application can perform service disruption.

4) Out-of-bounds write (CVE-ID: CVE-2025-20716)

CWE-ID: CWE-787 - Out-of-bounds write

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear

The vulnerability allows a local application to perform service disruption.

The vulnerability exists due to an incorrect bounds check within wlan. A local application can perform service disruption.

5) Out-of-bounds write (CVE-ID: CVE-2025-20715)

CWE-ID: CWE-787 - Out-of-bounds write

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear

The vulnerability allows a local application to perform service disruption.

The vulnerability exists due to an incorrect bounds check within wlan. A local application can perform service disruption.

6) Out-of-bounds write (CVE-ID: CVE-2025-20723)

CWE-ID: CWE-787 - Out-of-bounds write

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear

The vulnerability allows a local application to perform service disruption.

The vulnerability exists due to an incorrect bounds check within gnss. A local application can perform service disruption.

7) Integer overflow (CVE-ID: CVE-2025-20722)

CWE-ID: CWE-190 - Integer overflow

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear

The vulnerability allows a local application to perform service disruption.

The vulnerability exists due to an integer overflow within gnss. A local application can perform service disruption.

8) Stack-based buffer overflow (CVE-ID: CVE-2025-20713)

CWE-ID: CWE-121 - Stack-based buffer overflow

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear

The vulnerability allows a local application to perform service disruption.

The vulnerability exists due to an incorrect bounds check within wlan. A local application can perform service disruption.

9) Heap-based Buffer Overflow (CVE-ID: CVE-2025-20712)

CWE-ID: CWE-122 - Heap-based Buffer Overflow

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear

The vulnerability allows a local application to execute arbitrary code.

The vulnerability exists due to an incorrect bounds check within wlan. A local application can execute arbitrary code.

10) Out-of-bounds write (CVE-ID: CVE-2025-20721)

CWE-ID: CWE-787 - Out-of-bounds write

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear

The vulnerability allows a local application to perform service disruption.

The vulnerability exists due to a missing bounds check within imgsensor. A local application can perform service disruption.

11) Heap-based Buffer Overflow (CVE-ID: CVE-2025-20720)

CWE-ID: CWE-122 - Heap-based Buffer Overflow

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear

The vulnerability allows a local application to execute arbitrary code.

The vulnerability exists due to an incorrect bounds check within wlan. A local application can execute arbitrary code.

12) Stack-based buffer overflow (CVE-ID: CVE-2025-20719)

CWE-ID: CWE-121 - Stack-based buffer overflow

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear

The vulnerability allows a local application to execute arbitrary code.

The vulnerability exists due to an incorrect bounds check within wlan. A local application can execute arbitrary code.

13) Stack-based buffer overflow (CVE-ID: CVE-2025-20718)

CWE-ID: CWE-121 - Stack-based buffer overflow

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear

The vulnerability allows a local application to execute arbitrary code.

The vulnerability exists due to an incorrect bounds check within wlan. A local application can execute arbitrary code.

14) Buffer overflow (CVE-ID: CVE-2025-20709)

CWE-ID: CWE-120 - Buffer overflow

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear

The vulnerability allows a local application to execute arbitrary code.

The vulnerability exists due to an incorrect bounds check within wlan. A local application can execute arbitrary code.

15) Integer overflow (CVE-ID: CVE-2025-20710)

CWE-ID: CWE-190 - Integer overflow

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear

The vulnerability allows a local application to execute arbitrary code.

The vulnerability exists due to an integer overflow within wlan. A local application can execute arbitrary code.

16) Improper Validation of Specified Type of Input (CVE-ID: CVE-2025-20711)

CWE-ID: CWE-1287 - Improper Validation of Specified Type of Input

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear

The vulnerability allows a local application to execute arbitrary code.

The vulnerability exists due to an incorrect bounds check within wlan. A local application can execute arbitrary code.

Remediation

Install update from vendor's website.

References

https://corp.mediatek.com/product-security-bulletin/October-2025

Vulnerable Software

MT6890: All versions
MT7615: All versions
MT7622: All versions
MT7663: All versions
MT7915: All versions
MT7916: All versions
MT7981: All versions
MT7986: All versions
MT6835: All versions
MT6878: All versions
MT6886: All versions
MT6897: All versions
MT6899: All versions
MT6985: All versions
MT6989: All versions
MT6991: All versions
MT8676: All versions
MT8678: All versions
MT8775: All versions
MT8791T: All versions
MT8796: All versions
MT8873: All versions
MT6980D: All versions
MT6990: All versions
MT7990: All versions
MT7991: All versions
MT7992: All versions
MT7993: All versions
MT8195: All versions
MT8196: All versions
MT8370: All versions
MT8390: All versions
MT8395: All versions
MT8792: All versions
MT8793: All versions
MT7603: All versions

SB2025100848 - Multiple vulnerabilities in MediaTek chipsets

Breakdown by Severity

Description

Remediation

References

Please verify you're human