MediaTek has released its April 2025 Product Security Bulletin, detailing a range of security vulnerabilities affecting its various chipsets. The bulletin covers vulnerabilities in chipsets used in smartphones, tablets, AIoT devices, smart displays, smart platforms, OTT devices, computer vision, audio, and TVs.
The bulletin addresses vulnerabilities of varying severity levels, including critical, high, and medium. These vulnerabilities could lead to several security issues, such as remote code execution (RCE), escalation of privilege (EoP), denial of service (DoS), and information disclosure.
One of the most severe vulnerabilities highlighted in the bulletin is an out-of-bounds write in the WLAN service (CVE-2025-20654). The bulletin warns that this vulnerability “could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation”. This vulnerability is rated as critical and affects several chipsets, including MT6890, MT7622, MT7915, MT7916, MT7981, and MT7986.
The bulletin also details multiple high-severity vulnerabilities, primarily focusing on out-of-bounds read and write issues. These include:
- Out-of-bounds read in keymaster (CVE-2025-20655).
- Out-of-bounds write in DA (CVE-2025-20656, CVE-2025-20658).
- Out-of-bounds write in vdec (CVE-2025-20657).

These vulnerabilities could lead to local information disclosure or escalation of privilege, especially if a malicious actor has already obtained system privileges or has physical access to the device. For instance, the bulletin states that the out-of-bounds write in DA “could lead to local escalation of privilege if an attacker has physical access to the device, with no additional execution privileges needed. User interaction is not needed for exploitation”.
The bulletin also identifies several medium-severity vulnerabilities:
- Out-of-bounds read in Modem (CVE-2025-20659).
- Out-of-bounds read in drmserver (CVE-2025-20660, CVE-2025-20661, CVE-2025-20662).
- Uncaught exception in wlan (CVE-2025-20663, CVE-2025-20664).

These vulnerabilities could lead to denial-of-service attacks or information disclosure.
The vulnerabilities affect a wide range of MediaTek chipsets and software versions. Device OEMs have been notified of these issues and the corresponding security patches. Some of the affected chipsets include the MT6000, MT8000, and MT9000 series, with software versions including various Android versions, OpenWrt, Yocto, and RDK-B.
MediaTek has notified device OEMs about these vulnerabilities and provided security patches. Users and device manufacturers are strongly advised to apply these patches promptly to mitigate the risks. Keeping devices updated with the latest software is crucial to protect against potential exploits.