MediaTek Issues Security Update to Patch Multiple Chipset Flaws

MediaTek today published its September 2025 Product Security Bulletin, disclosing and remediating a series of critical and moderate vulnerabilities in its modem and system components.

The announcement highlights that all affected device OEMs have had patches for at least two months, and that there is currently no evidence of exploitation in the wild.

According to the bulletin, three high-severity flaws and three medium-severity flaws were discovered and evaluated under the Common Vulnerability Scoring System version 3.1 (CVSS v3.1).

The vulnerabilities could enable remote or local privilege escalation and denial-of-service conditions in MediaTek-based devices when connected to specially crafted or rogue base stations, or when an attacker already holds certain privileges on the device.

| CVE Identifier | Title | Severity | Exploitation Impact |
|---|---|---|---|
| CVE-2025-20708 | Out-of-bounds write in Modem | High | Remote privilege escalation via rogue base station |
| CVE-2025-20703 | Out-of-bounds read in Modem | High | Remote denial of service via rogue base station |
| CVE-2025-20704 | Out-of-bounds write in Modem | High | Remote privilege escalation via rogue base station |
| CVE-2025-20705 | Use after free in monitor_hang | Medium | Local privilege escalation with System privilege |
| CVE-2025-20706 | Use after free in mbrain | Medium | Local privilege escalation with System privilege |
| CVE-2025-20707 | Use after free in geniezone | Medium | Local privilege escalation with System privilege |

The high-severity vulnerabilities include:

  • CVE-2025-20708: An out-of-bounds write in the modem subsystem (CWE-787) could allow remote escalation of privilege without user interaction if a device connects to a rogue base station. This affects over 70 chipset models, including MT6853, MT6877, MT6899, MT6980, and MT8893, running modem firmware NR15 through NR17R.
  • CVE-2025-20703: An out-of-bounds read in the modem subsystem (CWE-125) could lead to remote denial of service under similar conditions, affecting many of the same chipset models and firmware versions.
  • CVE-2025-20704: A second out-of-bounds write (CWE-787) in modem firmware NR17/NR17R also enables remote privilege escalation but requires user interaction. This variant impacts a narrower subset of chipsets such as MT6835T, MT6878M, and MT8883.

The bulletin further outlines three medium-severity use-after-free vulnerabilities (CWE-416) in system components:

  • CVE-2025-20705 in the monitor_hang driver could permit local privilege escalation if an attacker already has System privileges on devices running Android 13.0 through 16.0, OpenWRT 19.07/21.02, or Yocto 2.6. Affected chipsets include MT6765, MT6789, MT8169, and others.
  • CVE-2025-20706 in the mbrain component impacts Android 14.0 and 15.0 on chipsets such as MT6989 and MT8678, potentially enabling local escalation.
  • CVE-2025-20707 in the geniezone module affects Android 13.0 to 15.0 on chipsets including MT6853, MT8792, and MT8883, with similar local elevation risk.

MediaTek emphasizes that patches addressing all identified issues have been delivered to OEM partners, and device manufacturers are strongly urged to integrate these updates into firmware releases and coordinate downstream distribution.

The company reassures end users that proactive notification and remediation precede public disclosure, underscoring MediaTek’s commitment to chipset and product security.

This bulletin, version 1.0, was published on September 1, 2025. MediaTek advises OEMs and security researchers to verify the completeness of their chipset inventories against the affected list, as internal updates may introduce additional models.
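
As an added example (not from MediaTek or the original article), the Python script below triages a device inventory against the chipsets and versions quoted above. The inventory records and field names are constructed assumptions, and because the article quotes only part of each affected list, an empty result means the full bulletin still has to be checked.

```python
import re
# Subset of the bulletin quoted in the article. Chipset lists are partial, so a
# miss means "check the full bulletin". CVE-2025-20703 is omitted because the
# article names no chipsets for it. Assumption: "NR15 through NR17R" is read as
# NR generations 15..17, with or without the R suffix.
MODEM_RULES = [  # (cve, chipsets named in the article, min NR, max NR)
    ("CVE-2025-20708", {"MT6853", "MT6877", "MT6899", "MT6980", "MT8893"}, 15, 17),
    ("CVE-2025-20704", {"MT6835T", "MT6878M", "MT8883"}, 17, 17),
]
OS_RULES = [  # (cve, chipsets named in the article, {os: affected versions})
    ("CVE-2025-20705", {"MT6765", "MT6789", "MT8169"},
     {"android": {"13.0", "14.0", "15.0", "16.0"},
      "openwrt": {"19.07", "21.02"}, "yocto": {"2.6"}}),
    ("CVE-2025-20706", {"MT6989", "MT8678"}, {"android": {"14.0", "15.0"}}),
    ("CVE-2025-20707", {"MT6853", "MT8792", "MT8883"}, {"android": {"13.0", "14.0", "15.0"}}),
]

def nr_generation(modem):
    """'NR17R' -> 17; None when the string is not an NR modem release."""
    m = re.fullmatch(r"NR(\d+)R?", modem.strip().upper())
    return int(m.group(1)) if m else None

def triage(device):
    """Return the sorted CVE ids from the article's subset that match a record."""
    chip = device["chipset"].strip().upper()
    gen = nr_generation(device.get("modem", ""))
    os_name = device.get("os", "").lower()
    ver = device.get("os_version", "")
    ver = ver if "." in ver else ver + ".0"  # inventory may say "14" for "14.0"
    hits = {cve for cve, chips, lo, hi in MODEM_RULES
            if chip in chips and gen is not None and lo <= gen <= hi}
    hits |= {cve for cve, chips, platforms in OS_RULES
             if chip in chips and ver in platforms.get(os_name, ())}
    return sorted(hits)

# Constructed sample inventory; field names are hypothetical.
INVENTORY = [
    {"id": "phone-a", "chipset": "MT6853", "modem": "NR15", "os": "android", "os_version": "14"},
    {"id": "router-b", "chipset": "mt8169", "os": "OpenWrt", "os_version": "21.02"},
    {"id": "tablet-c", "chipset": "MT8883", "modem": "NR17R", "os": "android", "os_version": "16.0"},
    {"id": "phone-d", "chipset": "MT6789", "modem": "NR15", "os": "android", "os_version": "12"},
]

def report(inventory):
    return {d["id"]: triage(d) for d in inventory}

if __name__ == "__main__":
    for dev, cves in report(INVENTORY).items():
        print(dev, cves or "no match in article subset; check the full bulletin")
```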

For further inquiries or to report new vulnerabilities, OEMs and researchers should visit MediaTek’s Report Security Vulnerability page on the corporate website.

About Cybernoz

Security researcher and threat analyst with expertise in malware analysis and incident response.