
MediaTek has released its February 2025 Product Security Bulletin, addressing several critical vulnerabilities affecting its chipsets used in smartphones, tablets, and other devices. The bulletin details security flaws that could potentially lead to remote code execution, elevation of privilege, and denial of service attacks.
Three particularly concerning vulnerabilities (CVE-2025-20633, CVE-2025-20632, CVE-2025-20631) reside in the WLAN AP driver, where an incorrect bounds check could allow remote attackers to execute code without needing any additional privileges or user interaction. These flaws affect chipsets including MT7603, MT7615, MT7622, and MT7915 running SDK release 7.4.0.1 and earlier.
Other high-severity vulnerabilities involve potential out-of-bounds writes in the modem (CVE-2025-20630) and various drivers, which could lead to remote code execution or local privilege escalation. These vulnerabilities affect a wide range of MediaTek chipsets and software versions.
MediaTek had been working with device manufacturers (OEMs) to provide the necessary patches for these vulnerabilities for at least two months before the bulletin’s publication. Users are strongly advised to check for software updates from their device manufacturers and install them as soon as possible to mitigate the risks associated with these security flaws.
The complete MediaTek Product Security Bulletin, including details of all affected chipsets and software versions, can be found on the MediaTek website.