Vulnerability Description
In Bluetooth Stack SW, there is a possible information disclosure due to a missing permission check. This could lead to remote (proximal/adjacent) information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00396437; Issue ID: MSV-2184.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Mediatek | Software Development Kit | <= 3.6 |
| Openwrt | Openwrt | 23.05 |
| Mediatek | Mt6880 | - |
| Mediatek | Mt6890 | - |
| Mediatek | Mt6980 | - |
| Mediatek | Mt6990 | - |
| Mediatek | Mt7663 | - |
| Mediatek | Mt7902 | - |
| Mediatek | Mt7925 | - |
| Mediatek | Mt7927 | - |
| Mediatek | Mt7961 | - |
Related Weaknesses (CWE)
References
FAQ
What is CVE-2025-20649?
CVE-2025-20649 is a vulnerability with a CVSS score of 6.5 (MEDIUM). In Bluetooth Stack SW, there is a possible information disclosure due to a missing permission check. This could lead to remote (proximal/adjacent) information disclosure with no additional execution p...
How severe is CVE-2025-20649?
CVE-2025-20649 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2025-20649?
Check the references section above for vendor advisories and patch information. Affected products include: Mediatek Software Development Kit, Openwrt Openwrt, Mediatek Mt6880, Mediatek Mt6890, Mediatek Mt6980.