CVE-2025-20658
First published: Mon Apr 07 2025(Updated: )
In DA, there is a possible permission bypass due to a logic error. This could lead to local escalation of privilege, if an attacker has physical access to the device, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS09474894; Issue ID: MSV-2597.
Credit: security@mediatek.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| All of | ||
| Any of | ||
| Android | =12.0 | |
| Android | =13.0 | |
| Android | =14.0 | |
| Android | =15.0 | |
| Any of | ||
| Mediatek MT2718 | ||
| MediaTek MT6781 | ||
| MediaTek M6789 | ||
| MediaTek MT6835 | ||
| MediaTek MT6855 | ||
| MediaTek MT6878 | ||
| MediaTek MT6879 | ||
| MediaTek MT6886 | ||
| MediaTek MT6895 | ||
| MediaTek MT6897 | ||
| MediaTek MT6983 | ||
| MediaTek MT6985T | ||
| MediaTek MT6989 | ||
| Mediatek MT8196 | ||
| MediaTek MT8673 | ||
| MediaTek MT8676 | ||
| MediaTek MT8678 | ||
| MediaTek MT8781 WiFi |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the severity of CVE-2025-20658?
CVE-2025-20658 is classified as a moderate severity vulnerability due to potential privilege escalation risks.
How do I fix CVE-2025-20658?
To resolve CVE-2025-20658, apply the latest patch identified as ALPS09474894 provided by the vendor.
What causes CVE-2025-20658?
CVE-2025-20658 is caused by a logic error that allows for a permission bypass.
Who is affected by CVE-2025-20658?
CVE-2025-20658 affects devices running specific versions of Android and various MediaTek chipsets.
Is user interaction required for exploiting CVE-2025-20658?
No, user interaction is not required for exploiting CVE-2025-20658, making it a higher risk issue.
- collector/mitre-cve
- source/MITRE
- agent/references
- agent/weakness
- agent/type
- agent/first-publish-date
- agent/description
- agent/author
- agent/source
- agent/severity
- agent/event
- agent/last-modified-date
- agent/softwarecombine
- agent/tags
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- vendor/google
- canonical/android
- version/android/12.0
- version/android/13.0
- version/android/14.0
- version/android/15.0
- vendor/mediatek
- canonical/mediatek mt2718
- canonical/mediatek mt6781
- canonical/mediatek m6789
- canonical/mediatek mt6835
- canonical/mediatek mt6855
- canonical/mediatek mt6878
- canonical/mediatek mt6879
- canonical/mediatek mt6886
- canonical/mediatek mt6895
- canonical/mediatek mt6897
- canonical/mediatek mt6983
- canonical/mediatek mt6985t
- canonical/mediatek mt6989
- canonical/mediatek mt8196
- canonical/mediatek mt8673
- canonical/mediatek mt8676
- canonical/mediatek mt8678
- canonical/mediatek mt8781 wifi