What is CVE-2025-20654 and how severe is it?

CVE-2025-20654 is an out-of-bounds write vulnerability in the WLAN service with a CVSS score of 9.8 (Critical). It could enable remote code execution without requiring additional execution privileges or user interaction. This affects multiple chipsets including MT6890, MT7622, MT7915, MT7916, MT7981, and MT7986 running specific SDK versions.

What is CVE-2025-20655 and how severe is it?

CVE-2025-20655 is an out-of-bounds read vulnerability in keymaster with a CVSS score of 5.3 (Medium). It could lead to local information disclosure if an attacker has already obtained System privileges.

What is CVE-2025-20656 and how severe is it?

CVE-2025-20656 is an out-of-bounds write vulnerability in DA with a CVSS score of 6.8 (Medium). It could enable local privilege escalation if an attacker has physical access to the device.

What is CVE-2025-20657 and how severe is it?

CVE-2025-20657 is an out-of-bounds write vulnerability in vdec with a CVSS score of 7.8 (High). It could result in privilege escalation through improper input validation.

What WLAN-related vulnerabilities were found in MediaTek chipsets?

There are three WLAN-related vulnerabilities: CVE-2025-20654, an out-of-bounds write vulnerability in the WLAN service (CVSS 9.8), and CVE-2025-20663 and CVE-2025-20664, both uncaught exception vulnerabilities in the WLAN AP driver (both CVSS 7.5) that could result in information disclosure.

What PlayReady vulnerabilities were discovered in MediaTek chipsets?

Three separate out-of-bounds read vulnerabilities were discovered in PlayReady TA within the drmserver component: CVE-2025-20660 (CVSS score 7.8), CVE-2025-20661 (CVSS score 6.7), and CVE-2025-20662 (CVSS score 6.7).

Which software platforms are affected by these MediaTek vulnerabilities?

The vulnerabilities impact a wide range of MediaTek chipsets across multiple software platforms including various Android versions (12.0, 13.0, 14.0, 15.0), OpenWrt (19.07, 21.02, 23.05), Yocto 4.0, RDK-B 24Q1, multiple Modem firmware versions (LR12A, LR13, NR15, NR16, NR17, NR17R), and various SDK releases.

Which is the most severe vulnerability among those reported by MediaTek?

The most severe vulnerability is CVE-2025-20654 with a CVSS score of 9.8 (Critical). It's an out-of-bounds write vulnerability in the WLAN service that could enable remote code execution without requiring additional execution privileges or user interaction.

Advisory

MediaTek fixes critical and high-severity vulnerabilities in multiple chipsets

Q: What vulnerabilities has MediaTek recently reported?

MediaTek has reported and is patching several security vulnerabilities affecting its wide range of chipsets used in smartphones, tablets, AIoT devices, smart displays, smart platforms, OTT, computer vision, audio, and TV products.

Q: Has MediaTek released patches for these vulnerabilities?

Yes, MediaTek has notified device OEMs of all these issues and provided corresponding security patches at least two months prior to the public disclosure.

published: April 7, 2025

Take action: MediaTek has patched their vulnerabilities, but you can't apply the patches directly. You need to wait for your vendor that integrated the MediaTek chips to release an update. Best you can do is be diligent and monitor for an update from your vendor. For IoT implementations, reach out to your vendor for timeline of a patch.

Learn More

MediaTek is reporting and patching several security vulnerabilities affecting its wide range of chipsets used in smartphones, tablets, AIoT devices, smart displays, smart platforms, OTT, computer vision, audio, and TV products.

Vulnerability summary:

CVE-2025-20654 (CVSS score 9.8): An out-of-bounds write vulnerability in the WLAN service that could enable remote code execution without requiring additional execution privileges or user interaction. This affects multiple chipsets including MT6890, MT7622, MT7915, MT7916, MT7981, and MT7986 running specific SDK versions.
CVE-2025-20655 (CVSS score 5.3): An out-of-bounds read vulnerability in keymaster that could lead to local information disclosure if an attacker has already obtained System privileges.
CVE-2025-20656 (CVSS score 6.8): An out-of-bounds write vulnerability in DA that could enable local privilege escalation if an attacker has physical access to the device.
CVE-2025-20657 (CVSS score 7.8): An out-of-bounds write vulnerability in vdec that could result in privilege escalation through improper input validation.
CVE-2025-20658 (CVSS score 6): An out-of-bounds write vulnerability in DA caused by a logic error that could lead to local privilege escalation with physical access to the device.
CVE-2025-20659 (CVSS score 7.5): An out-of-bounds read in Modem that could cause system crashes and remote denial of service.
CVE-2025-20660 (CVSS score 7.8), CVE-2025-20661 (CVSS score 6.7), CVE-2025-20662 (CVSS score 6.7): Three separate out-of-bounds read vulnerabilities in PlayReady TA within the drmserver component.
CVE-2025-20663, CVE-2025-20664 (both CVSS score 7.5): Two uncaught exception vulnerabilities in the WLAN AP driver that could result in information disclosure.

The vulnerabilities impact a wide range of MediaTek chipsets across multiple software platforms including:

Various Android versions (12.0, 13.0, 14.0, 15.0)
OpenWrt (19.07, 21.02, 23.05)
Yocto 4.0
RDK-B 24Q1
Multiple Modem firmware versions (LR12A, LR13, NR15, NR16, NR17, NR17R)
Various SDK releases

MediaTek has notified device OEMs of all these issues and provided corresponding security patches at least two months prior to this public disclosure.

MediaTek fixes critical and high-severity vulnerabilities in multiple chipsets

Read More
Critical security vulnerabilities patched in Google Chrome
Microsoft October 2023 patch fixes 3 actively hacked …
Google patches high severity vulnerability in Chrome Safe …
WinRAR Path Traversal Bug Actively Exploited in New …
Critical security vulnerability patched in qBittorrent