MediaTek has released a comprehensive security bulletin addressing 16 critical vulnerabilities across its extensive chipset portfolio, affecting devices from smartphones to IoT platforms. The security update addresses vulnerabilities across MediaTek’s diverse product ecosystem, spanning smartphone chipsets, tablet processors, AIoT devices, smart displays, OTT platforms, computer vision solutions, audio processing units, and television chipsets.

Buffer underflow vulnerabilities (CVE-2025-20694 and CVE-2025-20695) in Bluetooth firmware present system crash risks classified as CWE-124, affecting extensive chipset ranges including MT2718, MT6639, MT6653, MT8113, MT8115, MT8127, MT8163, MT8168, MT8169, MT8173, MT8183, MT8186, MT8188, MT8195, MT8196, MT8370, MT8390, MT8391, MT8395, MT8512, MT8516, MT8519, MT8676, MT8678, MT8695, MT8696, MT8698, MT8786, MT8792, MT8796, and MT8893.

Multiple WLAN vulnerabilities (CVE-2025-20688 through CVE-2025-20693) exhibit similar out-of-bounds read patterns, enabling information disclosure attacks across numerous chipsets, including MT6835, MT6878, MT6886, MT6897, MT6899, MT6985, MT6989, MT6990, MT6991, and various MT7000 series processors.

Device manufacturers must prioritize implementing these security patches to mitigate potential exploitation risks and maintain system integrity across their product portfolios.

This Cyber News was published on cybersecuritynews.com. Publication date: Tue, 08 Jul 2025 17:20:13 +0000