Ddos 
The MediaTek Product Security Bulletin for May 2025 highlights multiple security vulnerabilities affecting a wide range of MediaTek-powered devices, including smartphones, tablets, AIoT platforms, smart displays, audio systems, and TV chipsets. Among the six reported CVEs, one has been rated high severity, while the rest are medium, collectively affecting dozens of chipsets and Android versions up to 15.0.
The most severe vulnerability in this bulletin is CVE-2025-20666, a reachable assertion in the modem subsystem that could allow a remote denial-of-service (DoS) attack:
“In Modem, there is a possible system crash due to an uncaught exception. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed,” reads the security bulletin.
This vulnerability, classified under CWE-617 (Reachable Assertion), requires no user interaction and affects chipsets such as the MT6833, MT6877, MT6893, and over 30 others running Modem NR15 firmware.
Several medium-severity vulnerabilities were also identified:
- CVE-2025-20667: “Inadequate encryption strength in Modem” could lead to remote information disclosure if a UE connects to a rogue base station.
- CVE-2025-20671 and CVE-2025-20668: “Out-of-bounds write” vulnerabilities in thermal and scp, respectively, could allow local escalation of privilege if a malicious actor has already obtained system privileges.
- CVE-2025-20670: “Improper certificate validation in Modem” may lead to a permission bypass.
- CVE-2025-20665: “File and directory information exposure in devinfo” could result in local information disclosure of device identifiers.
The medium-severity vulnerabilities also affect numerous chipsets, with some impacting devices running Android 13, 14, and 15.
Users are advised to ensure their devices are updated with the latest software from their respective manufacturers.
Related Posts:
- MediaTek’s February 2025 Security Bulletin: Critical WLAN Vulnerabilities Expose Millions to Remote Attacks
- Over 30% of Android devices have eavesdropping vulnerabilities, MediaTek is releasing an update to fix the vulnerabilities
- MediaTek’s April 2025 Security Bulletin: Critical WLAN Vulnerability Exposes Chipsets
- MediaTek Patches Critical Vulnerabilities in Smartphone, Tablet, and IoT Chipsets
- D-Link router and modem vulnerabilities are being exploited by Satori IoT botnet
Donate