CVE-2025-20660

In PlayReady TA, there is a possible out of bounds read due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: DTV04436357; Issue ID: MSV-3186.

CVSS v3 6.7 MEDIUM

6.7^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 0.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://corp.mediatek.com/product-security-bulletin/April-2025	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

OR	cpe:2.3:o:google:android:12.0:-::::::
	cpe:2.3:o:google:android:14.0:::::::*

cpe:2.3:h:mediatek:mt9972:-:*:*:*:*:*:*:*

History

No history.

Information

Published : 2025-04-07 04:15

Updated : 2025-04-18 16:12

NVD link : CVE-2025-20660

Mitre link : CVE-2025-20660

CVE.ORG link : CVE-2025-20660

JSON object : View

Products Affected

mediatek

mt9972

google

android

CWE

CWE-125

Out-of-bounds Read

{"id": "CVE-2025-20660", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.7, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 0.8}]}, "published": "2025-04-07T04:15:19.940", "references": [{"url": "https://corp.mediatek.com/product-security-bulletin/April-2025", "tags": ["Vendor Advisory"], "source": "[email protected]"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-125"}]}, {"type": "Primary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-125"}]}], "descriptions": [{"lang": "en", "value": "In PlayReady TA, there is a possible out of bounds read due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: DTV04436357; Issue ID: MSV-3186."}, {"lang": "es", "value": "En PlayReady TA, existe una posible lectura fuera de los l\u00edmites debido a la falta de una comprobaci\u00f3n de los l\u00edmites. Esto podr\u00eda provocar una escalada local de privilegios si un actor malicioso ya ha obtenido el privilegio de System. No se requiere la interacci\u00f3n del usuario para la explotaci\u00f3n. ID de parche: DTV04436357; ID de problema: MSV-3186."}], "lastModified": "2025-04-18T16:12:26.920", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:google:android:12.0:-:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "16820CAF-0A8A-45C8-B5A8-979EA0407389"}, {"criteria": "cpe:2.3:o:google:android:14.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2700BCC5-634D-4EC6-AB67-5B678D5F951D"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:mediatek:mt9972:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "0C76B993-B660-41EB-A66A-96011A044BF6"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "[email protected]"}