CVE-2025-20653

Published Mar 3, 2025

Last updated a year ago

CVSS medium 6.5

Overview

Description
In da, there is a possible out of bounds read due to an integer overflow. This could lead to local information disclosure, if an attacker has physical access to the device, with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS09291064; Issue ID: MSV-2046.
Source
security@mediatek.com
NVD status
Analyzed
Products
android

Risk scores

CVSS 3.1

Type
Secondary
Base score
6.5
Impact score
5.9
Exploitability score
0.6
Vector string
CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H
Severity
MEDIUM

Weaknesses

security@mediatek.com
CWE-190
nvd@nist.gov
CWE-190

Social media

Hype score
Not currently trending

  1. CVE-2025-20653 In da, there is a possible out of bounds read due to an integer overflow. This could lead to local information disclosure, if an attacker has physical access to the d… https://t.co/wWRgu1SCi5

    @CVEnew

    3 Mar 2025

    51 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

Configurations

Related CVEs

  1. External control of file name in AODManager prior to SMR Apr-2026 Release 1 allows privileged local attacker to create file with system privilege.CVE-2026-21012
  2. Incorrect privilege assignment in Bluetooth in Maintenance mode prior to SMR Apr-2026 Release 1 allows physical attackers to bypass Extend Unlock.CVE-2026-21011
  3. Improper input validation in Retail Mode prior to SMR Apr-2026 Release 1 allows local attackers to trigger privileged functions.CVE-2026-21010
  4. Improper check for exceptional conditions in Recents prior to SMR Apr-2026 Release 1 allows physical attacker to bypass App Pinning.CVE-2026-21009
  5. Exposure of sensitive information in S Share prior to SMR Apr-2026 Release 1 allows adjacent attacker to access sensitive information.CVE-2026-21008

References

Sources include official advisories and independent security research.