CVE-2025-20672 | In Bluetooth driver, there is a possible out of bounds write… | CVSS 9.8 CRITICAL

Description

In Bluetooth driver, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00412257; Issue ID: MSV-3292.

Metadata

CVE ID: CVE-2025-20672
State: PUBLISHED
Assigner: MediaTek
Reserved: 2024-11-01 01:21 UTC
Published: 2025-06-02 02:29 UTC
Last updated: 2026-02-26 18:27 UTC
Primary CWE: CWE-122
CWE-122 Heap Overflow
Vendor / Product: MediaTek, Inc. / MT7902, MT7921, MT7922, MT7925, MT7927
Sources: cve.org · NVD

Severity & Metrics

9.8 CRITICAL CVSS 3.1

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

SSVC — CISA Coordinator

Exploitation: none
Automatable: no
Tech. Impact: total

Affected products (1)

Vendor	Product	Platform	Versions
MediaTek, Inc.	MT7902, MT7921, MT7922, MT7925, MT7927	—	NB SDK release 3.6 and before

Weakness (CWE)

CWE	Source	Description
CWE-122	cna	CWE-122 Heap Overflow

CVSS scores (1)

Score	Severity	Version	Source	Vector
9.8	CRITICAL	3.1	adp	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References (1)

https://corp.mediatek.com/product-security-bulletin/June-2025