MediaTek has published its latest Product Security Bulletin, revealing several security vulnerabilities affecting a wide range of its chipsets used in smartphones, tablets, AIoT devices, smart displays, smart platforms, OTT devices, computer vision systems, audio equipment, and TVs.
Device OEMs were notified of these issues and provided with corresponding security patches at least two months before the public disclosure, in line with industry best practices.
Severity Assessment and Technical Overview
The assessment of these vulnerabilities was conducted using the Common Vulnerability Scoring System version 3.1 (CVSS v3.1), which is widely adopted for evaluating the severity of software vulnerabilities.
The bulletin identifies one high-severity vulnerability (CVE-2025-20672) and six medium-severity vulnerabilities (CVE-2025-20673 through CVE-2025-20678).
The vulnerabilities span multiple technical categories, including:
- Elevation of Privilege (EoP): Allows attackers to gain unauthorized access or privileges.
- Denial of Service (DoS): Enables attackers to disrupt normal functioning, leading to system crashes.
- CWE-122 Heap Overflow: A critical issue where improper bounds checking allows writing outside the allocated memory, potentially leading to privilege escalation.
- CWE-476 NULL Pointer Dereference: Occurs when a program attempts to use a null pointer, leading to crashes or denial of service.
- CWE-863 Incorrect Authorization: Involves missing permission checks, potentially allowing unauthorized actions.
- CWE-674 Uncontrolled Recursion: Excessive recursive calls can cause stack overflows and service disruptions.
Detailed Vulnerability Breakdown
The following table summarizes the reported vulnerabilities, their technical nature, and affected chipsets:
| CVE | Title | Severity | Vulnerability Type | CWE Code | Affected Chipsets | Affected Software Versions |
|---|---|---|---|---|---|---|
| CVE-2025-20672 | Heap overflow in Bluetooth | High | EoP | CWE-122 | MT7902, MT7921, MT7922, MT7925, MT7927 | NB SDK release 3.6 and before |
| CVE-2025-20673 | Null pointer dereference in wlan | Medium | DoS | CWE-476 | MT7902, MT7921, MT7922, MT7925, MT7927 | NB SDK release 3.6 and before |
| CVE-2025-20674 | Incorrect authorization in wlan | Medium | EoP | CWE-863 | MT6890, MT6990, MT7915, MT7916, MT7981, MT7986, MT7990, MT7992, MT7993 | SDK release 7.6.7.2 and before / OpenWrt 19.07, 21.02 (MT6890) / OpenWrt 21.02, 23.05 (MT6990) |
| CVE-2025-20675 | Null pointer dereference in wlan | Medium | DoS | CWE-476 | MT7902, MT7921, MT7922, MT7925, MT7927 | NB SDK release 3.6 and before |
| CVE-2025-20676 | Null pointer dereference in wlan | Medium | DoS | CWE-476 | MT7902, MT7921, MT7922, MT7925, MT7927 | NB SDK release 3.6 and before |
| CVE-2025-20677 | Null pointer dereference in Bluetooth | Medium | DoS | CWE-476 | MT7902, MT7921, MT7922, MT7925, MT7927 | NB SDK release 3.6 and before |
| CVE-2025-20678 | Uncontrolled recursion in ims service | Medium | DoS | CWE-674 | Extensive list (e.g., MT6739, MT6761, MT6890, MT6990, etc.) | Modem LR12A, LR13, NR15, NR16, NR17, NR17R |
Response and Industry Impact
MediaTek has proactively engaged with device manufacturers, ensuring that patches are available ahead of public disclosure.
The company emphasizes that the list of affected chipsets may not be exhaustive and encourages OEMs to contact their MediaTek representative for further clarification.
For users and enterprises, the timely application of security updates remains critical. MediaTek also invites researchers and stakeholders to report any additional vulnerabilities through its official channels.
Key Technical Terms:
- CVE (Common Vulnerabilities and Exposures): Unique identifiers for publicly known cybersecurity vulnerabilities.
- CWE (Common Weakness Enumeration): Standardized categories for software weaknesses.
- EoP, DoS, RCE: Abbreviations for Elevation of Privilege, Denial of Service, and Remote Code Execution, respectively.
MediaTek’s bulletin underscores the ongoing need for vigilance in the rapidly evolving landscape of embedded and connected device security.
Find this News Interesting! Follow us on Google News, LinkedIn, & X to Get Instant Updates!