
Critical MediaTek Vulnerabilities Enable Silent Privilege Escalation


MediaTek has disclosed seven security vulnerabilities affecting a wide range of its chipsets used in smartphones, tablets, smart displays, and other connected devices. The most severe of them lets an attacker escalate privileges through the Bluetooth driver without any user interaction.

The semiconductor giant's latest Product Security Bulletin, published on June 2, 2025, notes that device manufacturers were notified of these issues at least two months before publication, giving them time to develop and deploy patches across affected products.

The most concerning vulnerability in this disclosure is CVE-2025-20672, rated high severity under the Common Vulnerability Scoring System version 3.1 (CVSS v3.1).

It is a heap overflow in MediaTek's Bluetooth driver that could allow a local attacker to escalate privileges; only user-level execution privileges are required.

The vulnerability stems from an incorrect bounds check that allows an out-of-bounds write, which can give a malicious actor elevated system access.

The affected chipsets are the MT7902, MT7921, MT7922, MT7925, and MT7927 series on NB SDK release 3.6 and earlier.

What makes this vulnerability particularly dangerous is that no user interaction is required for exploitation: code already running on the device with ordinary user privileges can trigger the flaw without tricking the user into doing anything.

The vulnerability was reported through external security research, highlighting the importance of coordinated disclosure practices in the semiconductor industry.
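The bulletin describes the bug class (an incorrect bounds check leading to an out-of-bounds heap write) without publishing the code. The following is an added, hypothetical illustration of that class and its fix; it is not MediaTek's driver code and does not reproduce CVE-2025-20672. The packet format, buffer sizes, and the "neighbouring field" watched for corruption are all constructed for the example. The vulnerable handler accepts a length equal to the buffer size because the check uses `>` instead of `>=`, so the terminator it writes after the copy lands one byte past the buffer, into whatever heap data follows. The hardened handler reserves room for the terminator.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>
#include <stdio.h>

/* Hypothetical layout, not MediaTek's: a 32-byte name buffer followed in
 * the same heap allocation by a 4-byte field we watch for corruption
 * (a stand-in for an adjacent struct member or heap chunk). */
#define NAME_MAX   32
#define OBJ_SIZE   (NAME_MAX + 4)
#define SENTINEL   0xA5A5A5A5u

/* Constructed over-the-air record: one length byte, then `len` payload bytes. */
struct pkt {
    uint8_t len;
    uint8_t data[255];
};

/* Allocate the object and plant the sentinel in the neighbouring field. */
static uint8_t *new_obj(void)
{
    uint8_t *obj = calloc(OBJ_SIZE, 1);
    if (!obj) abort();
    uint32_t s = SENTINEL;
    memcpy(obj + NAME_MAX, &s, sizeof s);
    return obj;
}

/* Read the neighbouring field back so we can tell whether it was clobbered. */
static uint32_t neighbour(const uint8_t *obj)
{
    uint32_t s;
    memcpy(&s, obj + NAME_MAX, sizeof s);
    return s;
}

/* Vulnerable: '>' lets len == NAME_MAX through. The memcpy fits exactly,
 * but the terminator then lands at name[NAME_MAX], one byte past the
 * buffer and into the neighbouring field. */
static int store_name_vuln(uint8_t *obj, const struct pkt *p)
{
    uint8_t *name = obj;
    if (p->len > NAME_MAX)
        return -1;
    memcpy(name, p->data, p->len);
    name[p->len] = '\0';
    return 0;
}

/* Hardened: the check accounts for the terminator, so at most NAME_MAX
 * bytes are ever written into the buffer. */
static int store_name_fixed(uint8_t *obj, const struct pkt *p)
{
    uint8_t *name = obj;
    if (p->len >= NAME_MAX)
        return -1;
    memcpy(name, p->data, p->len);
    name[p->len] = '\0';
    return 0;
}

/* Feed a record of the given length to a handler and report whether the
 * neighbouring field survived: 1 if intact, 0 if corrupted. */
static int run_case(int (*handler)(uint8_t *, const struct pkt *), uint8_t len)
{
    struct pkt p;
    p.len = len;
    memset(p.data, 'A', sizeof p.data);
    uint8_t *obj = new_obj();
    (void)handler(obj, &p);
    int intact = (neighbour(obj) == SENTINEL);
    free(obj);
    return intact;
}

int main(void)
{
    printf("vulnerable, len=32: neighbour intact? %d\n", run_case(store_name_vuln, 32));
    printf("hardened,   len=32: neighbour intact? %d\n", run_case(store_name_fixed, 32));
    return 0;
}
```

The one-byte overwrite looks harmless here because the sentinel is just a marker; in a real driver the byte past the buffer can be a length field, a pointer, or heap allocator metadata, which is how an off-by-one in a bounds check becomes an escalation-of-privilege primitive. Reviewing every `memcpy` guarded by `>` for a trailing write after the copy is the practical audit step this suggests.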

MediaTek Vulnerabilities

Beyond the privilege escalation vulnerability, MediaTek's bulletin lists five medium-severity vulnerabilities that primarily affect wireless connectivity components.

Four of them (CVE-2025-20673, CVE-2025-20675, CVE-2025-20676, and CVE-2025-20677) are null pointer dereferences that could lead to system crashes and denial of service conditions.

Three of these affect the WLAN STA driver, while one affects the Bluetooth driver.

The four null pointer dereference vulnerabilities share the same profile: they can crash the system through an uncaught exception, they require user execution privileges, and, critically, they need no user interaction to exploit.

The affected chipsets mirror those impacted by the Bluetooth heap overflow, suggesting a shared codebase across MediaTek's wireless connectivity implementations.

Additionally, CVE-2025-20674 presents a different attack vector: incorrect authorization in the WLAN AP driver.

Because of a missing permission check, this vulnerability could let an attacker inject arbitrary packets, potentially leading to remote privilege escalation with no additional execution privileges required.

Wide Range of Chipsets

According to the bulletin, the scope of MediaTek's disclosure extends far beyond traditional smartphone chipsets, encompassing products used in tablets, AIoT devices, smart displays, OTT platforms, computer vision systems, audio equipment, and television sets.

The most broadly impacting vulnerability, CVE-2025-20678, affects an extensive list of over 80 different chipset models spanning multiple product generations.

This vulnerability is an uncontrolled recursion in the IMS (IP Multimedia Subsystem) service that could enable a remote denial of service when a device connects to a rogue base station controlled by an attacker.

It affects modem software versions LR12A, LR13, NR15, NR16, NR17, and NR17R, demonstrating how widely the underlying code is shared across MediaTek's product portfolio.
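The bulletin names the bug class, uncontrolled recursion in a network-facing parser, without describing the message format. The following is an added, hypothetical illustration of that class; it is not MediaTek's IMS code and does not reproduce CVE-2025-20678. The nested TLV encoding, the `MAX_DEPTH` cap, and the `build_nested` message builder are constructed for the example. The vulnerable parser recurses once per nesting level, so a sender (a rogue base station, in the bulletin's scenario) controls the recursion depth and, with a large enough message, the stack usage. The hardened parser refuses to descend past a fixed depth. The constructed message here is kept small so the example runs to completion; the point is that nothing in the vulnerable parser bounds the depth except the attacker's packet size.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* Hypothetical nested TLV encoding, not the IMS wire format:
 *   type(1 byte) length(1 byte) value(length bytes)
 * A container's value is itself a TLV sequence, which is where recursion comes in. */
#define T_CONTAINER 0x10
#define T_LEAF      0x20
#define MAX_DEPTH   8       /* hardened parser's recursion cap (assumed value) */

/* Vulnerable shape: recursion depth is whatever the sender nested.
 * Returns the deepest level reached, or -1 on a truncated element. */
static int parse_vuln(const uint8_t *buf, size_t len, int depth)
{
    int deepest = depth;
    size_t i = 0;
    while (i + 2 <= len) {
        uint8_t type = buf[i], vlen = buf[i + 1];
        if (i + 2 + vlen > len)
            return -1;
        if (type == T_CONTAINER) {
            int d = parse_vuln(buf + i + 2, vlen, depth + 1);
            if (d < 0)
                return d;
            if (d > deepest)
                deepest = d;
        }
        i += 2 + vlen;
    }
    return deepest;
}

/* Hardened: identical walk, but refuses to descend past MAX_DEPTH.
 * Returns -2 when the nesting limit is exceeded. */
static int parse_fixed(const uint8_t *buf, size_t len, int depth)
{
    if (depth > MAX_DEPTH)
        return -2;
    int deepest = depth;
    size_t i = 0;
    while (i + 2 <= len) {
        uint8_t type = buf[i], vlen = buf[i + 1];
        if (i + 2 + vlen > len)
            return -1;
        if (type == T_CONTAINER) {
            int d = parse_fixed(buf + i + 2, vlen, depth + 1);
            if (d < 0)
                return d;
            if (d > deepest)
                deepest = d;
        }
        i += 2 + vlen;
    }
    return deepest;
}

/* Build `levels` containers nested inside one another with a single leaf
 * at the bottom (the constructed "nesting bomb"). Returns the encoded
 * length, or 0 if it does not fit the 1-byte length field or `cap`. */
static size_t build_nested(uint8_t *out, size_t cap, int levels)
{
    size_t total = 2 * (size_t)levels + 3;
    if (levels < 0 || levels > 126 || total > cap)
        return 0;
    for (int k = 0; k < levels; k++) {
        out[2 * k]     = T_CONTAINER;
        out[2 * k + 1] = (uint8_t)(total - 2 * (k + 1));   /* bytes remaining inside */
    }
    out[2 * levels]     = T_LEAF;
    out[2 * levels + 1] = 1;
    out[2 * levels + 2] = 0x00;
    return total;
}

int main(void)
{
    uint8_t msg[512];
    size_t n = build_nested(msg, sizeof msg, 64);
    printf("vulnerable parser reached depth %d\n", parse_vuln(msg, n, 0));
    printf("hardened parser returned %d (-2 = nesting limit hit)\n", parse_fixed(msg, n, 0));
    return 0;
}
```

With a 1-byte length field the constructed encoding tops out at 126 levels, but real signalling formats allow far longer messages, and each recursive frame costs stack on a modem core that has little of it. A depth cap, or an iterative walk with an explicit bounded stack, is the standard fix for this class; the cap should be chosen from what legitimate traffic actually needs, not from what the stack can survive.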

The comprehensive nature of these vulnerabilities underscores the interconnected security challenges facing modern connected devices, where a single codebase vulnerability can impact millions of devices across diverse product categories and use cases.
