Out-of-bounds write in MediaTek products - CVE-2025-20657
Published: April 7, 2025
Vulnerability identifier: #VU107023
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2025-20657
CWE-ID: CWE-787
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vendor: MediaTek
Affected software:
MT6765
MT6768
MT6789
MT6833
MT8768
MT8771
MT8781
MT8786
MT8791T
MT6781
MT6853
MT6877
MT6885
Detailed vulnerability description
The vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to improper input validation within vdec, which results in an out-of-bounds write (CWE-787).
How to mitigate CVE-2025-20657
Install the security update from the vendor's website.