MediaTek July 2025 Security Update Patches Vulnerabilities Affecting a Wide Range of Their Chipsets

MediaTek has released a comprehensive security bulletin addressing 16 critical vulnerabilities across its extensive chipset portfolio, affecting devices from smartphones to IoT platforms. 

The update, evaluated using the Common Vulnerability Scoring System version 3.1 (CVSS v3.1), includes seven high-severity and nine medium-severity vulnerabilities that impact Bluetooth, WLAN, and various system components. 

Device OEMs received notifications and corresponding security patches at least two months prior to this publication, ensuring adequate preparation time for implementation across affected hardware platforms.

Key Takeaways
1. 16 Vulnerabilities Fixed: MediaTek patched 7 high-severity and 9 medium-severity security flaws using CVSS v3.1 evaluation.
2. Affects smartphones, tablets, IoT devices, smart displays, and TV chipsets across MediaTek's product range.
3. High-severity issues enable privilege escalation, remote code execution, and system compromise without user interaction.
4. Medium-severity flaws cause information disclosure and potential system crashes through driver vulnerabilities.

High-Severity Vulnerabilities 

The security bulletin identifies seven high-severity vulnerabilities (CVE-2025-20680 through CVE-2025-20686) that pose significant threats to system integrity. 

CVE-2025-20680 represents a heap overflow vulnerability in Bluetooth drivers affecting chipsets MT7902, MT7920, MT7921, MT7922, MT7925, and MT7927, classified under CWE-122 (Heap Overflow) with potential for local escalation of privilege (EoP). 

This vulnerability stems from incorrect bounds checking in NB SDK release 3.6 and earlier versions.

Multiple WLAN AP driver vulnerabilities (CVE-2025-20681 through CVE-2025-20684) exhibit out-of-bounds write conditions classified as CWE-787, affecting chipsets including MT6890, MT7615, MT7622, MT7663, MT7915, MT7916, MT7981, and MT7986. 

These vulnerabilities enable local privilege escalation by an attacker who already holds user execution privileges, and require no user interaction for exploitation.

The most concerning threats are CVE-2025-20685 and CVE-2025-20686, which enable remote code execution (RCE) through heap overflow conditions in WLAN AP drivers, potentially allowing attackers to execute arbitrary code without additional privileges.

Medium-Severity Issues 

Nine medium-severity vulnerabilities (CVE-2025-20687 through CVE-2025-20695) primarily focus on information disclosure (ID) and denial of service (DoS) attack vectors. 

CVE-2025-20687 affects Bluetooth drivers with out-of-bounds read conditions (CWE-125), leading to local denial of service on affected chipsets. 

Multiple WLAN vulnerabilities (CVE-2025-20688 through CVE-2025-20693) exhibit similar out-of-bounds read patterns, enabling information disclosure attacks across numerous chipsets, including MT6835, MT6878, MT6886, MT6897, MT6899, MT6985, MT6989, MT6990, MT6991, and various MT7000 series processors.

Buffer underflow vulnerabilities (CVE-2025-20694 and CVE-2025-20695) in Bluetooth firmware present system crash risks classified as CWE-124, affecting extensive chipset ranges including MT2718, MT6639, MT6653, MT8113, MT8115, MT8127, MT8163, MT8168, MT8169, MT8173, MT8183, MT8186, MT8188, MT8195, MT8196, MT8370, MT8390, MT8391, MT8395, MT8512, MT8516, MT8519, MT8676, MT8678, MT8695, MT8696, MT8698, MT8786, MT8792, MT8796, and MT8893.

| CVE | Title | Vulnerability Type | Severity |
|---|---|---|---|
| CVE-2025-20680 | Heap overflow in Bluetooth | Elevation of Privilege | High |
| CVE-2025-20681 | Out-of-bounds write in wlan | Elevation of Privilege | High |
| CVE-2025-20682 | Out-of-bounds write in wlan | Elevation of Privilege | High |
| CVE-2025-20683 | Out-of-bounds write in wlan | Elevation of Privilege | High |
| CVE-2025-20684 | Out-of-bounds write in wlan | Elevation of Privilege | High |
| CVE-2025-20685 | Heap overflow in wlan | RCE | High |
| CVE-2025-20686 | Heap overflow in wlan | RCE | High |
| CVE-2025-20687 | Out-of-bounds read in Bluetooth | Denial of Service | Medium |
| CVE-2025-20688 | Out-of-bounds read in wlan | Information Disclosure | Medium |
| CVE-2025-20689 | Out-of-bounds read in wlan | Information Disclosure | Medium |
| CVE-2025-20690 | Out-of-bounds read in wlan | Information Disclosure | Medium |
| CVE-2025-20691 | Out-of-bounds read in wlan | Information Disclosure | Medium |
| CVE-2025-20692 | Out-of-bounds read in wlan | Information Disclosure | Medium |
| CVE-2025-20693 | Out-of-bounds read in wlan | Information Disclosure | Medium |
| CVE-2025-20694 | Buffer underflow in Bluetooth | Denial of Service | Medium |
| CVE-2025-20695 | Buffer underflow in Bluetooth | Denial of Service | Medium |

Mitigation Strategies

The security update addresses vulnerabilities across MediaTek’s diverse product ecosystem, spanning smartphone chipsets, tablet processors, AIoT devices, smart displays, OTT platforms, computer vision solutions, audio processing units, and television chipsets. 

Affected software versions include Android 13.0, 14.0, and 15.0, various SDK releases up to 7.6.7.2, OpenWrt 19.07, 21.02, and 23.05, and Yocto 4.0 distributions.

Device manufacturers must prioritize implementing these security patches to mitigate potential exploitation risks and maintain system integrity across their product portfolios.
