CVE-2025-20721 — HIGH (7.8)

Vulnerability Description

In imgsensor, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10089545; Issue ID: MSV-4279.

CVSS Score

7.8

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Mediatek	Iot Yocto	25.0
Google	Android	13.0
Mediatek	Mt6886	-
Mediatek	Mt6897	-
Mediatek	Mt6899	-
Mediatek	Mt6985	-
Mediatek	Mt6989	-
Mediatek	Mt6991	-
Mediatek	Mt8195	-
Mediatek	Mt8196	-
Mediatek	Mt8370	-
Mediatek	Mt8390	-
Mediatek	Mt8395	-
Mediatek	Mt8792	-
Mediatek	Mt8793	-

Related Weaknesses (CWE)

CWE-787

References

https://corp.mediatek.com/product-security-bulletin/October-2025Vendor Advisory

FAQ

What is CVE-2025-20721?

CVE-2025-20721 is a vulnerability with a CVSS score of 7.8 (HIGH). In imgsensor, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. Us...

How severe is CVE-2025-20721?

CVE-2025-20721 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2025-20721?

Check the references section above for vendor advisories and patch information. Affected products include: Mediatek Iot Yocto, Google Android, Mediatek Mt6886, Mediatek Mt6897, Mediatek Mt6899.