Vulnerability Description
In thermal, there is a possible out of bounds write due to a race condition. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS09698599; Issue ID: MSV-3228.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Android | 14.0 | |
| Mediatek | Mt2718 | - |
| Mediatek | Mt6878 | - |
| Mediatek | Mt6897 | - |
| Mediatek | Mt6899 | - |
| Mediatek | Mt6989 | - |
| Mediatek | Mt6991 | - |
| Mediatek | Mt8196 | - |
| Mediatek | Mt8391 | - |
| Mediatek | Mt8676 | - |
| Mediatek | Mt8678 | - |
Related Weaknesses (CWE)
References
- https://corp.mediatek.com/product-security-bulletin/May-2025Vendor Advisory
FAQ
What is CVE-2025-20671?
CVE-2025-20671 is a vulnerability with a CVSS score of 7.0 (HIGH). In thermal, there is a possible out of bounds write due to a race condition. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User inter...
How severe is CVE-2025-20671?
CVE-2025-20671 has been rated HIGH with a CVSS base score of 7.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2025-20671?
Check the references section above for vendor advisories and patch information. Affected products include: Google Android, Mediatek Mt2718, Mediatek Mt6878, Mediatek Mt6897, Mediatek Mt6899.