What are the most critical MediaTek vulnerabilities disclosed?

Two vulnerabilities have the highest CVSS score of 9.8: CVE-2025-20672, a heap overflow in Bluetooth driver enabling local privilege escalation, and CVE-2025-20674, an incorrect authorization in WLAN AP driver enabling remote privilege escalation.

Which MediaTek chipsets are affected by the Bluetooth heap overflow vulnerability?

CVE-2025-20672, the heap overflow in Bluetooth driver, affects MT7902, MT7921, MT7922, MT7925, and MT7927 chipsets, enabling attackers to achieve local privilege escalation.

What chipsets are vulnerable to the WLAN AP driver authorization flaw?

CVE-2025-20674, the incorrect authorization in WLAN AP driver, affects MT6890, MT6990, MT7915, MT7916, MT7981, MT7986, MT7990, MT7992, and MT7993 chipsets, enabling remote privilege escalation attacks.

Which MediaTek vulnerability affects the most chipsets?

CVE-2025-20678, an uncontrolled recursion in IMS service with CVSS score 7.5, affects over 80 different MediaTek chipsets from MT6739 to MT8893 series, enabling remote denial of service attacks.

What are the null pointer dereference vulnerabilities in MediaTek chipsets?

Four vulnerabilities involve null pointer dereference issues with CVSS score 5.5: CVE-2025-20675, CVE-2025-20673, and CVE-2025-20676 affect WLAN STA drivers, while CVE-2025-20677 affects Bluetooth drivers. All affect MT7902, MT7921, MT7922, MT7925, and MT7927 chipsets and enable denial of service attacks.

Can attackers exploit MediaTek vulnerabilities remotely?

Yes, some MediaTek vulnerabilities can be exploited remotely. CVE-2025-20674 enables remote privilege escalation through incorrect authorization in WLAN AP driver, and CVE-2025-20678 enables remote denial of service attacks through uncontrolled recursion in IMS service.

Advisory

MediaTek reports multiple security flaws, one critical in multiple mobile phone chipsets

Q: What types of devices use the affected MediaTek chipsets?

The affected MediaTek chipsets are used in a wide range of devices including smartphones, tablets, AIoT devices, smart displays, smart platforms, OTT devices, computer vision systems, audio equipment, and television sets.

published: June 3, 2025

Take action: MediaTek has patched their vulnerabilities, but you can't apply the patches directly. You need to wait for your vendor that integrated the MediaTek chips to release an update. Best you can do is be diligent and monitor for an update from your vendor. For IoT implementations, reach out to your vendor for timeline of a patch.

Learn More

MediaTek has published its June 2025 Product Security Bulletin, patching seven security vulnerabilities that affect a range of its chipsets used in smartphones, tablets, AIoT devices, smart displays, smart platforms, OTT devices, computer vision systems, audio equipment, and television sets.

Vulnerability summary

CVE-2025-20672 (CVSS score 9.8) - Heap overflow in Bluetooth driver (High severity, EoP) affecting MT7902, MT7921, MT7922, MT7925, MT7927 chipsets. This vulnerability enables attackers to achieve local privilege escalation
CVE-2025-20674 (CVSS score 9.8) - Incorrect authorization in WLAN AP driver (Medium severity, EoP) affecting MT6890, MT6990, MT7915, MT7916, MT7981, MT7986, MT7990, MT7992, MT7993 chipsets. The vulnerability enables remote privilege escalation
CVE-2025-20678 (CVSS score 7.5) - Uncontrolled recursion in IMS service (Medium severity, DoS) affecting over 80 different MediaTek chipsets from MT6739 to MT8893 series. It enables remote denial of service attacks
CVE-2025-20675 (CVSS score 5.5) - Null pointer dereference in WLAN STA driver (Medium severity, DoS) affecting MT7902, MT7921, MT7922, MT7925, MT7927 chipsets
CVE-2025-20673 (CVSS score 5.5) - Null pointer dereference in WLAN STA driver (Medium severity, DoS) affecting MT7902, MT7921, MT7922, MT7925, MT7927 chipsets
CVE-2025-20676 (CVSS score 5.5) - Null pointer dereference in WLAN STA driver (Medium severity, DoS) affecting MT7902, MT7921, MT7922, MT7925, MT7927 chipsets
CVE-2025-20677 (CVSS score 5.5) - Null pointer dereference in Bluetooth driver (Medium severity, DoS) affecting MT7902, MT7921, MT7922, MT7925, MT7927 chipsets

MediaTek emphasized that the list of affected chipsets may not be exhaustive and encouraged device manufacturers to contact their MediaTek representatives for additional clarification and support.

MediaTek reports multiple security flaws, one critical in multiple mobile phone chipsets