CVE-2025-20639

CVE-2025-20639

Vendor Mediatek, Inc.

Product MT6739, MT6761, MT6765, MT6768, MT6771, MT6779, MT6781, MT6785, MT6833, MT6853, MT6873, MT6877, MT6885, MT6893, MT8167, MT8167S, MT8175, MT8185, MT8195, MT8321, MT8362A, MT8365, MT8385, MT8395, MT8666, MT8667, MT8673, MT8675, MT8678, MT8765, MT8766, MT876

Weakness CWE-787

Published February 3, 2025

Last update February 3, 2025

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

01Description

In DA, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege, if an attacker has physical access to the device, with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS09291146; Issue ID: MSV-2060.

Key dates

02Disclosure timeline

February 3, 2025 CVE published

February 3, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2025-20639 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/787.html

Related vulnerabilities

Identifiers

CVE CVE-2025-20639

CWE CWE-787

Affected versions

Vendor Mediatek, Inc.

Affected Android 12.0, 13.0, 14.0, 15.0

01Description

02Disclosure timeline

03References

04Related CVE