CVE-2025-20656

In DA, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege, if an attacker has physical access to the device, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS09625423; Issue ID: MSV-3033.

CVSS v3 6.8 MEDIUM

6.8^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 0.9 / Impact : 5.9

Attack Vector PHYSICAL

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://corp.mediatek.com/product-security-bulletin/April-2025	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

OR	cpe:2.3:a:linuxfoundation:yocto:4.0:::::::*
	cpe:2.3:a:rdkcentral:rdk-b:2024q1:::::::*
	cpe:2.3:o:google:android:12.0:::::::*
	cpe:2.3:o:google:android:13.0:::::::*
	cpe:2.3:o:google:android:14.0:::::::*
	cpe:2.3:o:google:android:15.0:::::::*
	cpe:2.3:o:openwrt:openwrt:21.02.0:-::::::
	cpe:2.3:o:openwrt:openwrt:23.05:::::::*

OR	cpe:2.3:h:mediatek:mt6781:-:::::::*
	cpe:2.3:h:mediatek:mt6789:-:::::::*
	cpe:2.3:h:mediatek:mt6835:-:::::::*
	cpe:2.3:h:mediatek:mt6855:-:::::::*
	cpe:2.3:h:mediatek:mt6878:-:::::::*
	cpe:2.3:h:mediatek:mt6879:-:::::::*
	cpe:2.3:h:mediatek:mt6886:-:::::::*
	cpe:2.3:h:mediatek:mt6895:-:::::::*
	cpe:2.3:h:mediatek:mt6897:-:::::::*
	cpe:2.3:h:mediatek:mt6983:-:::::::*
	cpe:2.3:h:mediatek:mt6985:-:::::::*
	cpe:2.3:h:mediatek:mt6989:-:::::::*
	cpe:2.3:h:mediatek:mt6990:-:::::::*
	cpe:2.3:h:mediatek:mt8196:-:::::::*
	cpe:2.3:h:mediatek:mt8370:-:::::::*
	cpe:2.3:h:mediatek:mt8390:-:::::::*

History

No history.

Information

Published : 2025-04-07 04:15

Updated : 2025-04-09 15:29

NVD link : CVE-2025-20656

Mitre link : CVE-2025-20656

CVE.ORG link : CVE-2025-20656

JSON object : View

Products Affected

mediatek

mt6897
mt6878
mt6886
mt6855
mt6789
mt6985
mt6835
mt6990
mt6895
mt8390
mt8196
mt6989
mt6983
mt6879
mt8370
mt6781

linuxfoundation

yocto

google

android

openwrt

openwrt

rdkcentral

rdk-b

CWE

CWE-787

Out-of-bounds Write

{"id": "CVE-2025-20656", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.8, "attackVector": "PHYSICAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 0.9}]}, "published": "2025-04-07T04:15:19.447", "references": [{"url": "https://corp.mediatek.com/product-security-bulletin/April-2025", "tags": ["Vendor Advisory"], "source": "[email protected]"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-787"}]}, {"type": "Primary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-787"}]}], "descriptions": [{"lang": "en", "value": "In DA, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege, if an attacker has physical access to the device, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS09625423; Issue ID: MSV-3033."}, {"lang": "es", "value": "En DA, existe una posible escritura fuera de los l\u00edmites debido a la falta de una comprobaci\u00f3n de los l\u00edmites. Esto podr\u00eda provocar una escalada local de privilegios si un atacante tiene acceso f\u00edsico al dispositivo, sin necesidad de privilegios de ejecuci\u00f3n adicionales. No se requiere la interacci\u00f3n del usuario para su explotaci\u00f3n. ID de parche: ALPS09625423; ID de problema: MSV-3033."}], "lastModified": "2025-04-09T15:29:43.380", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:linuxfoundation:yocto:4.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "437D8F9D-67DF-47A5-9C96-5B51D1562951"}, {"criteria": "cpe:2.3:a:rdkcentral:rdk-b:2024q1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CB397DA1-62B3-48FD-B694-9FDA4DA25EDE"}, {"criteria": "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F8FB8EE9-FC56-4D5E-AE55-A5967634740C"}, {"criteria": "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "879FFD0C-9B38-4CAA-B057-1086D794D469"}, {"criteria": "cpe:2.3:o:google:android:14.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2700BCC5-634D-4EC6-AB67-5B678D5F951D"}, {"criteria": "cpe:2.3:o:google:android:15.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8538774C-906D-4B03-A3E7-FA7A55E0DA9E"}, {"criteria": "cpe:2.3:o:openwrt:openwrt:21.02.0:-:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F0133207-2EED-4625-854F-8DB7770D5BF7"}, {"criteria": "cpe:2.3:o:openwrt:openwrt:23.05:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AED95D06-8EC6-4070-BE3C-E0F851D7FFC1"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:mediatek:mt6781:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C4EEE021-6B2A-47A0-AC6B-55525A40D718"}, {"criteria": "cpe:2.3:h:mediatek:mt6789:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8B9B0D82-82C1-4A77-A016-329B99C45F49"}, {"criteria": "cpe:2.3:h:mediatek:mt6835:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "19A63103-C708-48EC-B44D-5E465A6B79C5"}, {"criteria": "cpe:2.3:h:mediatek:mt6855:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "89AFEE24-7AAD-4EDB-8C3E-EDBA3240730A"}, {"criteria": "cpe:2.3:h:mediatek:mt6878:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "855A8046-34ED-4891-ACE5-76AB10AC8D53"}, {"criteria": "cpe:2.3:h:mediatek:mt6879:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "704BE5CE-AE08-4432-A8B0-4C8BD62148AD"}, {"criteria": "cpe:2.3:h:mediatek:mt6886:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AF3E2B84-DAFE-4E11-B23B-026F719475F5"}, {"criteria": "cpe:2.3:h:mediatek:mt6895:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E0CA45C9-7BFE-4C93-B2AF-B86501F763AB"}, {"criteria": "cpe:2.3:h:mediatek:mt6897:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2A7D8055-F4B6-41EE-A078-11D56285AB66"}, {"criteria": "cpe:2.3:h:mediatek:mt6983:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EB6B9A26-F8A1-4322-AA4E-CDF8F7D99000"}, {"criteria": "cpe:2.3:h:mediatek:mt6985:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EA72CCD1-DEA2-48EB-8781-04CFDD41AAEE"}, {"criteria": "cpe:2.3:h:mediatek:mt6989:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AD7DE6B2-66D9-4A3E-B15F-D56505559255"}, {"criteria": "cpe:2.3:h:mediatek:mt6990:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1A76806D-A4E3-466A-90CB-E9FFE478E7A0"}, {"criteria": "cpe:2.3:h:mediatek:mt8196:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FB0C4D80-28BC-4C4D-B522-AD9EC5222A2E"}, {"criteria": "cpe:2.3:h:mediatek:mt8370:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DA2B6BB9-7544-41A7-BF3A-344AA4CC4B31"}, {"criteria": "cpe:2.3:h:mediatek:mt8390:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B774B7D7-B7DD-43A0-833F-7E39DF82CA60"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "[email protected]"}