MediaTek July 2025 Security Patch Addresses Multiple Vulnerabilities Across Range of Chipsets

MediaTek, a leading global semiconductor company, has published its July 2025 Product Security Bulletin, revealing several critical and medium-severity vulnerabilities affecting a wide range of its chipsets.

The bulletin, released on July 8, 2025, details security flaws impacting smartphones, tablets, AIoT devices, smart displays, OTT platforms, computer vision, audio, and TV chipsets.

Device OEMs were notified at least two months before the public disclosure, allowing time for the integration of security patches.

High-Severity Vulnerabilities:

The bulletin identifies seven high-severity vulnerabilities, each assigned a unique Common Vulnerabilities and Exposures (CVE) identifier.

These include:

  • CVE-2025-20680: Heap overflow in Bluetooth drivers (CWE-122). An incorrect bounds check may allow an attacker to perform an out-of-bounds write, leading to local elevation of privilege (EoP). Affected chipsets include MT7902, MT7920, MT7921, MT7922, MT7925, and MT7927, especially on NB SDK release 3.6 and earlier.
  • CVE-2025-20681 to CVE-2025-20684: Out-of-bounds write vulnerabilities in WLAN AP drivers (CWE-787), affecting chipsets such as MT6890, MT7615, MT7622, MT7663, and MT7915. These flaws can enable local EoP without user interaction.
  • CVE-2025-20685 and CVE-2025-20686: Heap overflows in WLAN AP drivers (CWE-122), which could allow remote code execution (RCE) on chipsets like MT6890, MT7915, MT7916, MT7981, and MT7986. Exploitation does not require additional privileges or user interaction.

Technical Example (Pseudo-code):

if (index < buffer_size) {
    buffer[index] = value; // Correct bounds check
} else {
    // Vulnerable: No proper error handling
}

Incorrect bounds checks, as illustrated, can lead to heap overflows or out-of-bounds writes, enabling attackers to overwrite memory and potentially execute arbitrary code.
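
An added illustration of the point above, not code from MediaTek's bulletin or drivers: a length-prefixed element parser in C where the incorrect check validates the length against the input only, and the hardened version also validates it against the destination buffer. The element layout, ELEM_MAX, the sample frames and all function names are assumptions made for this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define ELEM_MAX 32 /* constructed destination size (assumption) */
struct elem { uint8_t id, len, data[ELEM_MAX]; };

/* Constructed sample input, layout: [id][len][payload...] */
static const uint8_t ok_frame[]    = {0x01, 4, 'a', 'b', 'c', 'd'};
static const uint8_t trunc_frame[] = {0x01, 10, 'a', 'b', 'c'};
static const uint8_t big_frame[2 + 40] = {0x01, 40}; /* payload zero-filled */

/* Incorrect check: confirms the payload fits in the INPUT but never
 * compares it with the destination size. Written as a predicate so the
 * out-of-bounds write it would permit is never performed here. */
int flawed_check_accepts(const uint8_t *in, size_t in_len)
{
    if (in == NULL || in_len < 2)
        return 0;
    return (size_t)in[1] <= in_len - 2;
}

/* Hardened parse: returns bytes consumed, or -1 if the element is rejected. */
int parse_elem(const uint8_t *in, size_t in_len, struct elem *out)
{
    if (in == NULL || out == NULL || in_len < 2)
        return -1;                    /* header incomplete */
    size_t len = in[1];
    if (len > in_len - 2)
        return -1;                    /* truncated input: would read out of bounds */
    if (len > sizeof(out->data))
        return -1;                    /* oversized: would write past out->data */
    out->id = in[0];
    out->len = (uint8_t)len;
    memcpy(out->data, in + 2, len);
    return (int)(len + 2);
}

int main(void)
{
    struct elem e;
    printf("ok:    flawed=%d hardened=%d\n", flawed_check_accepts(ok_frame, sizeof ok_frame), parse_elem(ok_frame, sizeof ok_frame, &e));
    printf("trunc: flawed=%d hardened=%d\n", flawed_check_accepts(trunc_frame, sizeof trunc_frame), parse_elem(trunc_frame, sizeof trunc_frame, &e));
    printf("big:   flawed=%d hardened=%d\n", flawed_check_accepts(big_frame, sizeof big_frame), parse_elem(big_frame, sizeof big_frame, &e));
    return 0;
}
```

The 40-byte element passes the incorrect check yet is rejected by the hardened parser, which is the gap between "fits in the input" and "fits in the buffer being written".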

Medium-Severity Issues:

Nine medium-severity vulnerabilities were also disclosed, primarily involving out-of-bounds reads (CWE-125) and buffer underflows (CWE-124):

  • CVE-2025-20687: Out-of-bounds read in Bluetooth drivers, leading to potential local denial of service (DoS).
  • CVE-2025-20688 to CVE-2025-20692: Out-of-bounds reads in WLAN drivers, possibly resulting in local information disclosure (ID).
  • CVE-2025-20693: Out-of-bounds read in WLAN STA drivers, which could allow remote information disclosure on various chipsets and platforms, including Android 13.0–15.0 and OpenWrt.
  • CVE-2025-20694 and CVE-2025-20695: Buffer underflows in Bluetooth firmware, potentially causing remote DoS via system crashes.

Security Response and Recommendations

MediaTek has assessed all vulnerabilities using the Common Vulnerability Scoring System version 3.1 (CVSS v3.1), ensuring standardized severity ratings.

OEMs are urged to apply the provided security patches promptly to mitigate risks.

The company emphasizes that no user interaction is necessary for exploitation in most cases, increasing the urgency for updates.

For further details or to report new vulnerabilities, stakeholders are encouraged to contact MediaTek through their official security vulnerability reporting page.

The bulletin also notes that the list of affected chipsets may not be exhaustive, and ongoing vigilance is advised for all device manufacturers and integrators.


AnuPriya
AnuPriya is a cybersecurity reporter at Cyber Press, specializing in cyber attacks, dark web monitoring, data breaches, vulnerabilities, and malware. She delivers in-depth analysis on emerging threats and digital security trends.
