
MediaTek, a leading global chipset manufacturer, has published its June 2025 Product Security Bulletin, disclosing one high-severity vulnerability and six medium-severity issues affecting a wide range of chipsets and SDK versions. The vulnerabilities span Bluetooth, WLAN, and IMS subsystems—posing risks such as remote code execution, local denial of service, and unauthorized privilege escalation.
The most critical flaw disclosed is CVE-2025-20672, a heap overflow vulnerability in the Bluetooth driver. According to the bulletin, “In Bluetooth driver, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege.” The vulnerability is classified under CWE-122 (Heap Overflow) and allows an attacker with user-level execution privileges to escalate access locally without user interaction. Affected chipsets include the MT7902, MT7921, MT7922, MT7925, and MT7927, all running NB SDK release 3.6 or earlier. This vulnerability was reported by an external researcher.
In addition to the heap overflow, MediaTek addressed six medium-severity vulnerabilities spanning Bluetooth, WLAN, and IMS subsystems.
- CVE-2025-20673 / 20675 / 20676 – Null Pointer Dereference in WLAN (DoS): These three CVEs describe uncaught exceptions in the WLAN STA driver that can lead to system crashes and local denial-of-service conditions.
- CVE-2025-20674 – Incorrect Authorization in WLAN AP Driver (EoP): This vulnerability allows remote injection of arbitrary packets due to missing permission checks.
- CVE-2025-20677 – Null Pointer Dereference in Bluetooth (DoS): Another DoS vulnerability in the Bluetooth driver, with technical roots similar to those of the WLAN bugs above.
- CVE-2025-20678 – Uncontrolled Recursion in IMS Service (Remote DoS): Perhaps the most far-reaching among the medium-severity issues, this bug can be exploited remotely via a rogue base station. A flaw in the IMS service’s error handling may trigger a crash.
MediaTek’s bulletin emphasizes the need for prompt updates across multiple SDK versions. Stakeholders—including OEMs, integrators, and carriers—should apply the latest security patches to prevent potential exploitation.
Organizations should also monitor deployment environments for signs of exploitation and ensure fallback systems are robust in case of DoS conditions.