CVE-2025-20651

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2025-20651
In da, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure, if an attacker has physical access to the device, with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS09291294; Issue ID: MSV-2062.

4.1 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 0.7 / Impact : 3.4

Attack Vector PHYSICAL

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact LOW

Scope UNCHANGED

References
Link Resource
https://corp.mediatek.com/product-security-bulletin/March-2025 Vendor Advisory
Configurations

Configuration 1 (hide)

AND
OR cpe:2.3:a:linuxfoundation:yocto:4.0:*:*:*:*:*:*:*
cpe:2.3:a:rdkcentral:rdk-b:2022q3:*:*:*:*:*:*:*
cpe:2.3:a:rdkcentral:rdk-b:2024q1:*:*:*:*:*:*:*
cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*
cpe:2.3:o:google:android:14.0:*:*:*:*:*:*:*
cpe:2.3:o:google:android:15.0:*:*:*:*:*:*:*
cpe:2.3:o:openwrt:openwrt:21.02.0:-:*:*:*:*:*:*
cpe:2.3:o:openwrt:openwrt:23.05:*:*:*:*:*:*:*
OR cpe:2.3:h:mediatek:mt2737:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt6781:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt6789:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt6835:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt6855:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt6878:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt6879:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt6880:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt6886:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt6890:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt6895:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt6897:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt6980:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt6983:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt6985:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt6989:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt6990:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt8370:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt8390:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt8676:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt8678:-:*:*:*:*:*:*:*
History

22 Apr 2025, 13:46

Type Values Removed Values Added
CPE cpe:2.3:h:mediatek:mt8676:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt6835:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt6880:-:*:*:*:*:*:*:*
cpe:2.3:a:rdkcentral:rdk-b:2022q3:*:*:*:*:*:*:*
cpe:2.3:a:linuxfoundation:yocto:4.0:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt6985:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt6789:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt6878:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt2737:-:*:*:*:*:*:*:*
cpe:2.3:o:openwrt:openwrt:21.02.0:-:*:*:*:*:*:*
cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt6989:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt6890:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt6879:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt6886:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt6980:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt6781:-:*:*:*:*:*:*:*
cpe:2.3:o:openwrt:openwrt:23.05:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt6855:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt6897:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt8370:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt8390:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt6983:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt6990:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt6895:-:*:*:*:*:*:*:*
cpe:2.3:o:google:android:15.0:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt8678:-:*:*:*:*:*:*:*
cpe:2.3:o:google:android:14.0:*:*:*:*:*:*:*
cpe:2.3:a:rdkcentral:rdk-b:2024q1:*:*:*:*:*:*:*
References () https://corp.mediatek.com/product-security-bulletin/March-2025 - () https://corp.mediatek.com/product-security-bulletin/March-2025 - Vendor Advisory
First Time Linuxfoundation yocto
Mediatek mt6980
Rdkcentral
Mediatek mt6886
Mediatek mt6897
Mediatek mt8678
Mediatek mt6878
Openwrt openwrt
Mediatek mt6990
Mediatek mt2737
Linuxfoundation
Mediatek mt6985
Mediatek mt6855
Mediatek mt6835
Openwrt
Mediatek mt8676
Mediatek mt6781
Mediatek mt6879
Mediatek mt6789
Mediatek
Mediatek mt8370
Mediatek mt6983
Rdkcentral rdk-b
Mediatek mt6890
Google
Mediatek mt6989
Google android
Mediatek mt6895
Mediatek mt6880
Mediatek mt8390

03 Mar 2025, 19:15

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 4.1
Summary
  • (es) En da, existe una posible lectura fuera de los límites debido a una verificación de los límites faltante. Esto podría provocar la divulgación de información local, si un atacante tiene acceso físico al dispositivo, sin necesidad de privilegios de ejecución adicionales. Se necesita la interacción del usuario para la explotación. ID de parche: ALPS09291294; ID de problema: MSV-2062.

03 Mar 2025, 03:15

Type Values Removed Values Added
New CVE
Information

Published : 2025-03-03 03:15

Updated : 2025-04-22 13:46

NVD link : CVE-2025-20651

Mitre link : CVE-2025-20651

CVE.ORG link : CVE-2025-20651

JSON object : View

Products Affected

mediatek

  • mt6890
  • mt6989
  • mt6789
  • mt8678
  • mt6895
  • mt6897
  • mt2737
  • mt8390
  • mt6879
  • mt6886
  • mt6781
  • mt6980
  • mt6835
  • mt8370
  • mt6878
  • mt6855
  • mt6990
  • mt8676
  • mt6985
  • mt6880
  • mt6983

google

  • android

linuxfoundation

  • yocto

rdkcentral

  • rdk-b

openwrt

  • openwrt
CWE
CWE-125

Out-of-bounds Read