Vulnerability Description
In Bluetooth driver, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00412257; Issue ID: MSV-3292.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Mediatek | Mt7902 Firmware | <= 3.6 |
| Mediatek | Mt7902 | - |
| Mediatek | Mt7921 Firmware | <= 3.6 |
| Mediatek | Mt7921 | - |
| Mediatek | Mt7922 Firmware | <= 3.6 |
| Mediatek | Mt7922 | - |
| Mediatek | Mt7925 Firmware | <= 3.6 |
| Mediatek | Mt7925 | - |
| Mediatek | Mt7927 Firmware | <= 3.6 |
| Mediatek | Mt7927 | - |
Related Weaknesses (CWE)
References
FAQ
What is CVE-2025-20672?
CVE-2025-20672 is a vulnerability with a CVSS score of 9.8 (CRITICAL). In Bluetooth driver, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with User execution privileges needed. User interaction ...
How severe is CVE-2025-20672?
CVE-2025-20672 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2025-20672?
Check the references section above for vendor advisories and patch information. Affected products include: Mediatek Mt7902 Firmware, Mediatek Mt7902, Mediatek Mt7921 Firmware, Mediatek Mt7921, Mediatek Mt7922 Firmware.