CVE-2025-20657

CVE-2025-20657

Vendor Mediatek, Inc.
Product MT6765, MT6768, MT6781, MT6789, MT6833, MT6853, MT6877, MT6885, MT8768, MT8771, MT8781, MT8786, MT8791T
Weakness CWE-787
Published April 7, 2025
Last update February 26, 2026

CVSS base score

What the vulnerability does

01Description

In vdec, there is a possible permission bypass due to improper input validation. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS09486425; Issue ID: MSV-2609.

Key dates

02Disclosure timeline

April 7, 2025 CVE published
February 26, 2026 Record updated