CRITICAL🇵🇱 Wersja polska

CVE-2025-20680

CVSS 9.8v3.1pub. 2025-07-08upd. 2025-07-14

In Bluetooth driver, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00418044; Issue ID: MSV-3482.

🤖 AI Analysis
How it works

The flaw consists of improper boundary verification in the Bluetooth driver code, allowing data to be written outside the designated heap buffer. An attacker with regular user-level privileges (User execution privileges) can trigger this flaw without requiring any interaction from the victim. Successful exploitation of the vulnerability can lead to gaining control over privileged system resources.

Impact

An attacker can achieve local privilege escalation, potentially gaining control over the device's operating system. The confidentiality, integrity, and availability of device data and resources are at risk.

Mitigation & patch

Apply the patch identified as WCNCR00418044 (Issue ID: MSV-3482) in accordance with the MediaTek security bulletin from July 2025 available at https://corp.mediatek.com/product-security-bulletin/July-2025. OEM device manufacturers should promptly implement the provided fixes in firmware updates for their products.

Who is affected

MediaTek chipsets: MT7902, MT7920, MT7925, MT7921, and MediaTek NB-IoT SDK. Detailed information about affected software versions can be found in manufacturer references.

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Mediatek Mt7902

    HW
    Mediatek
    wszystkie wersje
  • Mediatek Mt7920

    HW
    Mediatek
    wszystkie wersje
  • Mediatek Mt7921

    HW
    Mediatek
    wszystkie wersje
  • Mediatek Mt7922

    HW
    Mediatek
    wszystkie wersje
  • Mediatek Mt7925

    HW
    Mediatek
    wszystkie wersje
  • Mediatek Mt7927

    HW
    Mediatek
    wszystkie wersje
  • Mediatek Nbiot Sdk

    APP
    Mediatek
    ≤ 3.6
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2026-20407CRITICAL9.3PL ✓ten sam produkt

Privilege escalation w sterowniku WLAN STA MediaTek — brak bounds check

CVE-2025-20672CRITICAL9.8PL ✓ten sam produkt

Przepełnienie bufora sterty w sterowniku Bluetooth — MediaTek MT79xx

CVE-2024-20148CRITICAL9.8PL ✓ten sam produkt

Out-of-bounds write w WLAN STA FW MediaTek — zdalne RCE

CVE-2024-20101CRITICAL9.8PL ✓ten sam produkt

MediaTek WLAN Driver — błąd zapisu poza buforem umożliwiający RCE

CVE-2024-20100CRITICAL9.8PL ✓ten sam produkt

MediaTek WLAN Driver — zapis poza granicami bufora umożliwia RCE