Multiple critical security vulnerabilities affecting MediaTek smartphones, tablets, and IoT chipsets could allow attackers to escalate privileges and compromise device security without requiring any user interaction.
The Taiwan-based chipset manufacturer published its June 2025 Product Security Bulletin, revealing seven Common Vulnerabilities and Exposures (CVEs) with severity ratings ranging from high to medium under CVSS v3.1.
Device manufacturers have been notified of these security flaws and provided with corresponding patches at least two months prior to public disclosure.
High Severity Bluetooth Vulnerability
The most severe vulnerability identified is CVE-2025-20672, classified as a high-severity Elevation of Privilege (EoP) flaw affecting Bluetooth drivers across multiple MediaTek chipsets.
This vulnerability stems from a heap overflow condition categorized under CWE-122 Heap Overflow, where an incorrect bounds check in the Bluetooth driver creates the possibility for out-of-bounds write operations.
An attacker who already holds user execution privileges can use this flaw to achieve local privilege escalation, and no user interaction is needed for successful exploitation, which makes it particularly dangerous.
The affected chipsets include MT7902, MT7921, MT7922, MT7925, and MT7927, all running NB SDK release 3.6 and earlier versions.
This vulnerability was discovered through external security research, highlighting the importance of third-party security assessments in identifying critical flaws.
Medium Severity WLAN and Network Issues
Five medium-severity vulnerabilities have been identified across WLAN and network services, presenting various attack vectors for malicious actors.
According to the MediaTek advisory, CVE-2025-20673, CVE-2025-20675, and CVE-2025-20676 all involve NULL pointer dereference issues classified under CWE-476, affecting WLAN STA drivers on the same chipset family as the Bluetooth vulnerability.
These Denial of Service (DoS) vulnerabilities could lead to system crashes due to uncaught exceptions, requiring user execution privileges but no user interaction.
CVE-2025-20674 presents a particularly concerning remote attack vector through incorrect authorization in WLAN AP drivers, categorized under CWE-863, Incorrect Authorization.
This vulnerability affects a broader range of chipsets, including MT6890, MT6990, MT7915, MT7916, MT7981, MT7986, MT7990, MT7992, and MT7993, potentially allowing attackers to inject arbitrary packets due to missing permission checks.
The vulnerability enables remote privilege escalation without additional execution privileges, affecting devices running SDK release 7.6.7.2 and earlier, as well as specific OpenWrt versions.
CVE-2025-20677 affects Bluetooth drivers with another NULL pointer dereference issue, while CVE-2025-20678 involves uncontrolled recursion in IMS services, classified under CWE-674 Uncontrolled Recursion.
The scope of these vulnerabilities extends far beyond individual devices, with CVE-2025-20678 alone affecting over 80 different MediaTek chipsets spanning from MT6739 to MT8893 series.
This extensive chipset coverage includes popular smartphone processors, tablet chipsets, and IoT-focused silicon used across numerous device categories, including Smart TVs, Computer Vision systems, and Audio platforms.
The IMS service vulnerability is particularly concerning as it enables remote denial of service attacks when a device connects to a rogue base station controlled by an attacker, requiring no additional execution privileges or user interaction.
Affected software versions include Modem LR12A, LR13, NR15, NR16, NR17, and NR17R, indicating the vulnerability spans multiple generations of MediaTek’s modem implementations.
Device manufacturers and users must prioritize applying available security patches to mitigate these vulnerabilities, particularly given their potential for exploitation without user awareness or interaction.
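To prioritize patching, the chipset and release ranges quoted above can be checked against an asset inventory. The following is an added example, not code from MediaTek or from the original article; the inventory field names and sample rows are constructed, and a match means the device falls inside the stated range, not that it is confirmed unpatched.

```python
import re

# Chipset and release lists as stated in the article.
WIFI_BT = {"MT7902", "MT7921", "MT7922", "MT7925", "MT7927"}
WLAN_AP = {"MT6890", "MT6990", "MT7915", "MT7916", "MT7981",
           "MT7986", "MT7990", "MT7992", "MT7993"}
MODEMS = {"LR12A", "LR13", "NR15", "NR16", "NR17", "NR17R"}
# (CVE, affected chipsets, highest affected SDK release)
SDK_RULES = [("CVE-2025-20672", WIFI_BT, "3.6"),
             ("CVE-2025-20674", WLAN_AP, "7.6.7.2")]

def parse_version(text):
    """Dotted release string -> tuple of ints, or None if missing/malformed."""
    if not text or not re.fullmatch(r"\d+(\.\d+)*", text.strip()):
        return None
    return tuple(int(part) for part in text.strip().split("."))

def at_or_below(version, ceiling):
    """Numeric compare with zero padding: 3.6.0 == 3.6, and 3.10 > 3.6."""
    width = max(len(version), len(ceiling))
    pad = lambda v: v + (0,) * (width - len(v))
    return pad(version) <= pad(ceiling)

def triage(device):
    """Return {cve: 'in-range' | 'unknown-version'} for one inventory row."""
    findings = {}
    chipset = (device.get("chipset") or "").upper()
    for cve, chipsets, ceiling in SDK_RULES:
        if chipset in chipsets:
            version = parse_version(device.get("sdk"))
            if version is None:
                findings[cve] = "unknown-version"  # never report unknown as clean
            elif at_or_below(version, parse_version(ceiling)):
                findings[cve] = "in-range"
    # Assumption: match on modem release alone; the article does not list the chipsets.
    if (device.get("modem") or "").upper() in MODEMS:
        findings["CVE-2025-20678"] = "in-range"
    return findings

INVENTORY = [  # constructed sample rows; field names are hypothetical
    {"host": "laptop-01", "chipset": "MT7921", "sdk": "3.6"},
    {"host": "laptop-02", "chipset": "mt7922", "sdk": "3.10"},
    {"host": "ap-01", "chipset": "MT7981", "sdk": None},
    {"host": "phone-01", "modem": "NR16"},
]

if __name__ == "__main__":
    for row in INVENTORY:
        print(row["host"], triage(row) or "no match")
```

Devices reported as `unknown-version` need a manual firmware check, since a missing release string says nothing about patch status.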