MediaTek, one of the world's leading chipset manufacturers, has published its latest Product Security Bulletin, revealing several security vulnerabilities affecting a wide range of its chipsets used in smartphones, IoT devices, and other embedded systems.
The first and most critical issue disclosed is CVE-2025-20696, a high-severity vulnerability stemming from an out-of-bounds write condition in the Download Agent (DA). This flaw is caused by a missing bounds check and could allow an attacker with physical access to escalate privileges locally. While user interaction is required, no elevated execution privileges are necessary. This vulnerability affects a wide array of MediaTek chipsets, including popular models such as MT6761, MT6877, MT6983, and MT8196, and spans software versions including Android 13.0, 14.0, and 15.0, as well as openWRT, Yocto, RDK-B, and Zephyr.
The second vulnerability, CVE-2025-20697, was reported by an external researcher and involves an out-of-bounds write in the Power Hardware Abstraction Layer (Power HAL). Unlike the previous issue, this vulnerability does not require user interaction but does require that the attacker already has System-level privileges. If exploited, it could enable further privilege escalation or arbitrary code execution. This flaw affects chipset families such as MT6765, MT6889, MT6989, and MT8893, and is limited to devices running Android 14.0 and 15.0. Although considered medium severity, its silent exploitation potential makes it noteworthy for enterprise and mobile device vendors.
The third vulnerability, CVE-2025-20698, shares technical similarities with CVE-2025-20697, being another out-of-bounds write in Power HAL, but it impacts a significantly broader range of chipsets, including legacy models like MT6739 and high-performance SoCs like MT6895 and MT6991. This issue also does not require user interaction and affects devices across Android 13.0, 14.0, and 15.0.
MediaTek confirms that OEMs were informed at least two months prior to the public disclosure and security patches are now available. The company encourages all manufacturers and developers to apply these updates promptly.