MediaTek Patches Critical Chipset Vulnerabilities in July 2025 Security Update

MediaTek has released its July 2025 Product Security Bulletin addressing a comprehensive range of vulnerabilities affecting smartphone, tablet, AIoT, smart display, smart platform, OTT, computer vision, audio, and TV chipsets.

The bulletin identifies 16 security vulnerabilities, with seven classified as high severity and nine as medium severity, all assessed using the Common Vulnerability Scoring System version 3.1 (CVSS v3.1).

Device OEMs received notification and corresponding security patches at least two months before the bulletin’s publication on July 8, 2025.

The most critical vulnerabilities center around memory corruption issues in MediaTek’s Bluetooth and WLAN drivers.

CVE-2025-20680 represents a heap overflow vulnerability in the Bluetooth driver affecting MT7902, MT7920, MT7921, MT7922, MT7925, and MT7927 chipsets, potentially leading to local privilege escalation without user interaction.

This vulnerability stems from incorrect bounds checking in the NB SDK release 3.6 and earlier versions.

Five additional high-severity vulnerabilities (CVE-2025-20681 through CVE-2025-20684) involve out-of-bounds write conditions in WLAN AP drivers.

These vulnerabilities affect various chipset families, including MT6890, MT7615, MT7622, MT7663, MT7915, MT7916, MT7981, and MT7986, in SDK release 7.6.7.2 and earlier versions as well as OpenWRT 19.07 and 21.02 distributions.

Each vulnerability enables local privilege escalation by an attacker who already holds user execution privileges, and none requires user interaction for exploitation.

The most severe threats emerge from CVE-2025-20685 and CVE-2025-20686, both heap overflow vulnerabilities in WLAN AP drivers that enable remote code execution.

These vulnerabilities affect MT6890, MT7915, MT7916, MT7981, and MT7986 chipsets and represent the highest risk as they allow proximal or adjacent attackers to execute code without additional privileges.

Critical Chipset Vulnerabilities

The medium-severity vulnerabilities primarily involve out-of-bounds read conditions across both Bluetooth and WLAN drivers.

CVE-2025-20687 affects the same Bluetooth chipsets as the high-severity heap overflow, potentially causing local denial of service.

Meanwhile, CVE-2025-20688 through CVE-2025-20692 represent a series of information disclosure vulnerabilities in WLAN AP drivers affecting the same extensive chipset range as the high-severity write vulnerabilities.

CVE-2025-20693 stands out as it affects WLAN STA drivers across an extensive range of chipsets, including newer models like MT6835, MT6878, MT6886, MT6897, MT6899, MT6985, MT6989, MT6990, and MT6991.

This vulnerability enables remote information disclosure from proximal or adjacent attackers without requiring additional execution privileges.

Buffer underflow vulnerabilities CVE-2025-20694 and CVE-2025-20695 affect Bluetooth firmware across numerous chipsets, potentially causing system crashes and remote denial of service.

These vulnerabilities impact a broad spectrum of devices running Android 13.0, 14.0, and 15.0, along with various SDK and OpenWRT versions.

Patches Available

MediaTek’s security bulletin states that device OEMs received advance notification of all identified vulnerabilities, providing sufficient time for patch integration and testing.

The company notes that all vulnerabilities were reported by external sources, suggesting robust external security research collaboration.

The bulletin acknowledges that the list of affected chipsets may not be comprehensive, directing device OEMs to contact their MediaTek representatives for additional information or clarification.

This coordinated disclosure approach ensures that security patches are available across MediaTek’s extensive chipset ecosystem, protecting millions of devices worldwide from potential exploitation.

Ethan Brooks

Ethan Brooks is a Senior cybersecurity journalist passionate about threat intelligence and data privacy. His work highlights cyber attacks, hacking, security culture, and cybercrime with The Cyber News.
