#VU112467 Buffer Underwrite ('Buffer Underflow') in MediaTek products - CVE-2025-20694

Vulnerability identifier: #VU112467

Vulnerability risk: Low

CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2025-20694

CWE-ID: CWE-124

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
MT2718
Mobile applications / Mobile firmware & hardware
MT6639
Mobile applications / Mobile firmware & hardware
MT6653
Mobile applications / Mobile firmware & hardware
MT6985
Mobile applications / Mobile firmware & hardware
MT6989
Mobile applications / Mobile firmware & hardware
MT6990
Mobile applications / Mobile firmware & hardware
MT6991
Mobile applications / Mobile firmware & hardware
MT7925
Mobile applications / Mobile firmware & hardware
MT7927
Mobile applications / Mobile firmware & hardware
MT8113
Mobile applications / Mobile firmware & hardware
MT8115
Mobile applications / Mobile firmware & hardware
MT8127
Mobile applications / Mobile firmware & hardware
MT8163
Mobile applications / Mobile firmware & hardware
MT8168
Mobile applications / Mobile firmware & hardware
MT8169
Mobile applications / Mobile firmware & hardware
MT8173
Mobile applications / Mobile firmware & hardware
MT8183
Mobile applications / Mobile firmware & hardware
MT8186
Mobile applications / Mobile firmware & hardware
MT8188
Mobile applications / Mobile firmware & hardware
MT8195
Mobile applications / Mobile firmware & hardware
MT8196
Mobile applications / Mobile firmware & hardware
MT8370
Mobile applications / Mobile firmware & hardware
MT8390
Mobile applications / Mobile firmware & hardware
MT8391
Mobile applications / Mobile firmware & hardware
MT8395
Mobile applications / Mobile firmware & hardware
MT8512
Mobile applications / Mobile firmware & hardware
MT8516
Mobile applications / Mobile firmware & hardware
MT8519
Mobile applications / Mobile firmware & hardware
MT8676
Mobile applications / Mobile firmware & hardware
MT8678
Mobile applications / Mobile firmware & hardware
MT8695
Mobile applications / Mobile firmware & hardware
MT8696
Mobile applications / Mobile firmware & hardware
MT8698
Mobile applications / Mobile firmware & hardware
MT8786
Mobile applications / Mobile firmware & hardware
MT8792
Mobile applications / Mobile firmware & hardware
MT8796
Mobile applications / Mobile firmware & hardware
MT8893
Mobile applications / Mobile firmware & hardware

Vendor: MediaTek

Description

The vulnerability allows a local application to perform service disruption.

The vulnerability exists due to an uncaught exception within Bluetooth. A local application can perform service disruption.

Mitigation
Install security update from vendor's website.

Vulnerable software versions

MT2718: All versions

MT6639: All versions

MT6653: All versions

MT6985: All versions

MT6989: All versions

MT6990: All versions

MT6991: All versions

MT7925: All versions

MT7927: All versions

MT8113: All versions

MT8115: All versions

MT8127: All versions

MT8163: All versions

MT8168: All versions

MT8169: All versions

MT8173: All versions

MT8183: All versions

MT8186: All versions

MT8188: All versions

MT8195: All versions

MT8196: All versions

MT8370: All versions

MT8390: All versions

MT8391: All versions

MT8395: All versions

MT8512: All versions

MT8516: All versions

MT8519: All versions

MT8676: All versions

MT8678: All versions

MT8695: All versions

MT8696: All versions

MT8698: All versions

MT8786: All versions

MT8792: All versions

MT8796: All versions

MT8893: All versions

---

External links
https://corp.mediatek.com/product-security-bulletin/July-2025

---

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.