CVE-2025-20635

  1. Yack CVE
  2. Vulnerabilities (CVE)
  3. CVE-2025-20635

6.6 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 0.7 / Impact : 5.9

Attack Vector PHYSICAL

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

I

n V6 DA, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege, if an attacker has physical access to the device, with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS09403752; Issue ID: MSV-2434.

References
Link Resource
https://corp.mediatek.com/product-security-bulletin/February-2025 Vendor Advisory
Configurations

Configuration 1 (hide)

AND
OR cpe:2.3:a:linuxfoundation:yocto:4.0:*:*:*:*:*:*:*
cpe:2.3:a:rdkcentral:rdk-b:2022q3:*:*:*:*:*:*:*
cpe:2.3:a:rdkcentral:rdk-b:2024q1:*:*:*:*:*:*:*
cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*
cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*
cpe:2.3:o:google:android:14.0:*:*:*:*:*:*:*
cpe:2.3:o:google:android:15.0:*:*:*:*:*:*:*
cpe:2.3:o:openwrt:openwrt:19.07.0:-:*:*:*:*:*:*
cpe:2.3:o:openwrt:openwrt:21.02.0:-:*:*:*:*:*:*
cpe:2.3:o:openwrt:openwrt:22.03.5:*:*:*:*:*:*:*
OR cpe:2.3:h:mediatek:mt2737:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt6781:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt6789:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt6835:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt6855:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt6878:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt6879:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt6880:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt6886:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt6890:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt6895:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt6897:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt6980:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt6983:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt6985:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt6989:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt6990:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt8370:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt8390:-:*:*:*:*:*:*:*
History

18 Feb 2025, 19:15

Type Values Removed Values Added
Summary
  • (es) En V6 DA, existe una posible escritura fuera de los límites debido a un neutra. Esto podría provocar una escalada local de privilegios, si un atacante tiene acceso físico al dispositivo, sin necesidad de privilegios de ejecución adicionales. Se necesita la interacción del usuario para la explotación. ID de parche: ALPS09403752; ID de problema: MSV-2434.

03 Feb 2025, 19:31

Type Values Removed Values Added
CPE cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*
cpe:2.3:o:openwrt:openwrt:19.07.0:-:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt6989:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt6789:-:*:*:*:*:*:*:*
cpe:2.3:o:openwrt:openwrt:22.03.5:*:*:*:*:*:*:*
cpe:2.3:a:rdkcentral:rdk-b:2024q1:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt6985:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt6895:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt6880:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt6781:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt6980:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt6855:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt2737:-:*:*:*:*:*:*:*
cpe:2.3:o:openwrt:openwrt:21.02.0:-:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt6879:-:*:*:*:*:*:*:*
cpe:2.3:o:google:android:14.0:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt6878:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt6886:-:*:*:*:*:*:*:*
cpe:2.3:o:google:android:15.0:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt6835:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt6983:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt8390:-:*:*:*:*:*:*:*
cpe:2.3:a:linuxfoundation:yocto:4.0:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt6897:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt8370:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt6990:-:*:*:*:*:*:*:*
cpe:2.3:a:rdkcentral:rdk-b:2022q3:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt6890:-:*:*:*:*:*:*:*
cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*
First Time Mediatek mt6990
Mediatek mt6879
Mediatek mt6985
Mediatek mt6897
Mediatek mt6980
Mediatek mt6835
Mediatek mt6886
Mediatek mt8370
Mediatek mt6983
Mediatek mt6890
Openwrt openwrt
Mediatek mt6781
Linuxfoundation
Google
Mediatek mt6880
Mediatek mt6878
Linuxfoundation yocto
Rdkcentral rdk-b
Openwrt
Mediatek mt2737
Mediatek mt6989
Mediatek
Mediatek mt6895
Mediatek mt6855
Mediatek mt8390
Google android
Rdkcentral
Mediatek mt6789
References () https://corp.mediatek.com/product-security-bulletin/February-2025 - () https://corp.mediatek.com/product-security-bulletin/February-2025 - Vendor Advisory
CVSS v2 : unknown
v3 : 6.8 		v2 : unknown
v3 : 6.6

03 Feb 2025, 17:15

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 6.8

03 Feb 2025, 04:15

Type Values Removed Values Added
New CVE
Information

Published : 2025-02-03 04:15

Updated : 2025-03-13 20:15

NVD link : CVE-2025-20635

Mitre link : CVE-2025-20635

CVE.ORG link : CVE-2025-20635

JSON object : View

Products Affected

mediatek

google

linuxfoundation

rdkcentral

openwrt

CWE
CWE-787

Out-of-bounds Write