MediaTek Issues October 2025 Security Bulletin Addressing Multiple High-Severity Vulnerabilities Across Wi-Fi and GNSS Chipsets

MediaTek has released its October 2025 Product Security Bulletin, disclosing a set of high- and medium-severity vulnerabilities affecting a wide range of its Wi-Fi (WLAN) and GNSS (Global Navigation Satellite System) chipsets.

High-Severity Vulnerabilities in WLAN Components

A significant portion of the bulletin focuses on vulnerabilities impacting MediaTek’s WLAN (Wi-Fi) chipsets used in a wide array of consumer and IoT devices. These include the MT6890, MT7915, MT7916, MT7981, and MT7986 families, among others.

Among the high-risk issues are multiple buffer and heap overflow flaws that could allow attackers to write data out of bounds or corrupt system memory.

For instance, CVE-2025-20712 describes a “heap overflow in wlan” component resulting from an “incorrect bounds check.” This flaw affects MT6990, MT7990, MT7991, MT7992, and MT7993 chipsets.

Similarly, CVE-2025-20709 and CVE-2025-20710 involve a “classic buffer overflow” and an “integer overflow” respectively, both capable of causing “possible out of bounds write due to an incorrect bounds check.”

One of the most severe cases, CVE-2025-20718, highlights a stack overflow vulnerability impacting multiple generations of Wi-Fi chipsets — from legacy MT7603 and MT7622 models to newer MT7986-based systems. The bulletin warns that “there is a possible out of bounds write due to an incorrect bounds check.”

Such vulnerabilities, if exploited, could allow attackers within wireless range to crash the device, execute arbitrary code, or compromise kernel memory integrity.

Medium-Severity Vulnerabilities: GNSS and Imaging Components

In addition to the WLAN issues, the bulletin lists several medium-severity vulnerabilities in GNSS (Global Navigation Satellite System) and image sensor (imgsensor) modules used in smartphones and automotive systems.

The CVE-2025-20722 and CVE-2025-20723 flaws affect GNSS firmware handling of coordinate data and error correction routines. The former is described as an “integer overflow in gnss” leading to “a possible out of bounds read,” while the latter details an “out-of-bounds write due to an incorrect bounds check.” Both issues impact MT6835, MT6878, MT6985, MT6989, and related chipsets.

Meanwhile, CVE-2025-20721, affecting the imgsensor driver, could allow an attacker to trigger a memory corruption condition through crafted inputs. MediaTek describes it as “a possible out of bounds write due to a missing bounds check,” affecting chipsets such as MT6886, MT6899, MT8195, and MT8793.

Mitigation and Recommendations

MediaTek advises users to ensure their devices receive and install the latest firmware updates provided by manufacturers.

Related Posts:

• MediaTek’s April 2025 Security Bulletin: Critical WLAN Vulnerability Exposes Chipsets
• MediaTek’s February 2025 Security Bulletin: Critical WLAN Vulnerabilities Expose Millions to Remote Attacks
• MediaTek July 2025 Security Bulletin: Heap Overflows, WLAN Flaws, and Bluetooth Risks Threaten Billions of Devices
• MediaTek Chipset Flaws: Out-of-Bounds Write Vulnerabilities Expose Smartphones & IoT Devices
• MediaTek September 2025 Security Bulletin: High-Severity Modem Flaws Could Enable Remote Attacks