CVE-2025-20721

Published Oct 14, 2025

Last updated 7 months ago

CVSS high 7.8

Overview

Description: In imgsensor, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10089545; Issue ID: MSV-4279.
Source: security@mediatek.com
NVD status: Analyzed
Products: iot_yocto, android

Risk scores

CVSS 3.1

Type: Secondary
Base score: 7.8
Impact score: 5.9
Exploitability score: 1.8
Vector string: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Severity: HIGH

Weaknesses

security@mediatek.com: CWE-787

Hype score: Not currently trending

CVE-2025-20721 In imgsensor, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already… https://t.co/QJY7Bf8vRV
@CVEnew
14 Oct 2025
267 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes

Configurations

[
  {
    "nodes": [
      {
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:mediatek:iot_yocto:25.0:*:*:*:*:*:*:*",
            "matchCriteriaId": "A4669355-5DA9-4D28-B06B-5528150390AC",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*",
            "matchCriteriaId": "879FFD0C-9B38-4CAA-B057-1086D794D469",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:google:android:14.0:*:*:*:*:*:*:*",
            "matchCriteriaId": "2700BCC5-634D-4EC6-AB67-5B678D5F951D",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:google:android:15.0:*:*:*:*:*:*:*",
            "matchCriteriaId": "8538774C-906D-4B03-A3E7-FA7A55E0DA9E",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:google:android:16.0:*:*:*:*:*:*:*",
            "matchCriteriaId": "2D49E611-5D53-479D-A981-42388FDC0E8D",
            "vulnerable": true
          }
        ],
        "negate": false,
        "operator": "OR"
      },
      {
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:mediatek:mt6886:-:*:*:*:*:*:*:*",
            "matchCriteriaId": "AF3E2B84-DAFE-4E11-B23B-026F719475F5",
            "vulnerable": false
          },
          {
            "criteria": "cpe:2.3:h:mediatek:mt6897:-:*:*:*:*:*:*:*",
            "matchCriteriaId": "2A7D8055-F4B6-41EE-A078-11D56285AB66",
            "vulnerable": false
          },
          {
            "criteria": "cpe:2.3:h:mediatek:mt6899:-:*:*:*:*:*:*:*",
            "matchCriteriaId": "C6E9F80F-9AC9-41E0-BB14-9DB6F14B62CD",
            "vulnerable": false
          },
          {
            "criteria": "cpe:2.3:h:mediatek:mt6985:-:*:*:*:*:*:*:*",
            "matchCriteriaId": "EA72CCD1-DEA2-48EB-8781-04CFDD41AAEE",
            "vulnerable": false
          },
          {
            "criteria": "cpe:2.3:h:mediatek:mt6989:-:*:*:*:*:*:*:*",
            "matchCriteriaId": "AD7DE6B2-66D9-4A3E-B15F-D56505559255",
            "vulnerable": false
          },
          {
            "criteria": "cpe:2.3:h:mediatek:mt6991:-:*:*:*:*:*:*:*",
            "matchCriteriaId": "CBBB30DF-E963-4940-B742-F6801F68C3FC",
            "vulnerable": false
          },
          {
            "criteria": "cpe:2.3:h:mediatek:mt8195:-:*:*:*:*:*:*:*",
            "matchCriteriaId": "ED210E64-6CE7-42B1-849E-68C0E22521F6",
            "vulnerable": false
          },
          {
            "criteria": "cpe:2.3:h:mediatek:mt8196:-:*:*:*:*:*:*:*",
            "matchCriteriaId": "FB0C4D80-28BC-4C4D-B522-AD9EC5222A2E",
            "vulnerable": false
          },
          {
            "criteria": "cpe:2.3:h:mediatek:mt8370:-:*:*:*:*:*:*:*",
            "matchCriteriaId": "DA2B6BB9-7544-41A7-BF3A-344AA4CC4B31",
            "vulnerable": false
          },
          {
            "criteria": "cpe:2.3:h:mediatek:mt8390:-:*:*:*:*:*:*:*",
            "matchCriteriaId": "B774B7D7-B7DD-43A0-833F-7E39DF82CA60",
            "vulnerable": false
          },
          {
            "criteria": "cpe:2.3:h:mediatek:mt8395:-:*:*:*:*:*:*:*",
            "matchCriteriaId": "D98FBE1C-D57B-49D9-9C4E-8A133A0C1C89",
            "vulnerable": false
          },
          {
            "criteria": "cpe:2.3:h:mediatek:mt8792:-:*:*:*:*:*:*:*",
            "matchCriteriaId": "336FC69E-E89F-4642-B6B9-8009D9A2BD52",
            "vulnerable": false
          },
          {
            "criteria": "cpe:2.3:h:mediatek:mt8793:-:*:*:*:*:*:*:*",
            "matchCriteriaId": "2FBD3487-F8CE-406C-8BD7-DD57FF8CD60B",
            "vulnerable": false
          }
        ],
        "negate": false,
        "operator": "OR"
      }
    ],
    "operator": "AND"
  }
]

References

Sources include official advisories and independent security research.

Overview

Risk scores

CVSS 3.1

Weaknesses

Social media

Configurations

Related CVEs

References