CRITICAL🇵🇱 Wersja polska

CVE-2025-20672

CVSS 9.8v3.1pub. 2025-06-02upd. 2025-07-02

In Bluetooth driver, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00412257; Issue ID: MSV-3292.

🤖 AI Analysis
How it works

Improper bounds checking (bounds check) in the Bluetooth driver allows out of bounds write to the allocated heap memory area. An attacker with standard user privileges can exploit this vulnerability without requiring any interaction from the victim. Successful heap memory overwrite can lead to gaining control over code execution in the system.

Impact

An attacker can achieve local privilege escalation (privilege escalation) to a higher level than a standard user. The vulnerability classified as CRITICAL indicates potentially complete compromise of system confidentiality, integrity, and availability.

Mitigation & patch

Apply patches available from the vendor according to references. Vendor patch identifier: WCNCR00412257 (Issue ID: MSV-3292). Details available at: https://corp.mediatek.com/product-security-bulletin/June-2025

Who is affected

Firmware of MediaTek chips: MT7902, MT7921, MT7925, MT7927. Specific firmware versions are indicated in vendor references (MediaTek security bulletin, June 2025).

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Mediatek Mt7902

    HW
    Mediatek
    wszystkie wersje
  • Mediatek Mt7902 Firmware

    OS
    Mediatek
    ≤ 3.6
  • Mediatek Mt7921

    HW
    Mediatek
    wszystkie wersje
  • Mediatek Mt7921 Firmware

    OS
    Mediatek
    ≤ 3.6
  • Mediatek Mt7922

    HW
    Mediatek
    wszystkie wersje
  • Mediatek Mt7922 Firmware

    OS
    Mediatek
    ≤ 3.6
  • Mediatek Mt7925

    HW
    Mediatek
    wszystkie wersje
  • Mediatek Mt7925 Firmware

    OS
    Mediatek
    ≤ 3.6
  • Mediatek Mt7927

    HW
    Mediatek
    wszystkie wersje
  • Mediatek Mt7927 Firmware

    OS
    Mediatek
    ≤ 3.6
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2026-20407CRITICAL9.3PL ✓ten sam produkt

Privilege escalation w sterowniku WLAN STA MediaTek — brak bounds check

CVE-2025-20680CRITICAL9.8PL ✓ten sam produkt

MediaTek Bluetooth – heap buffer overflow umożliwiający privilege escalation

CVE-2024-20148CRITICAL9.8PL ✓ten sam produkt

Out-of-bounds write w WLAN STA FW MediaTek — zdalne RCE

CVE-2024-20100CRITICAL9.8PL ✓ten sam produkt

MediaTek WLAN Driver — zapis poza granicami bufora umożliwia RCE

CVE-2024-20101CRITICAL9.8PL ✓ten sam produkt

MediaTek WLAN Driver — błąd zapisu poza buforem umożliwiający RCE