CVE-2025-20694
BaseFortify
Publication date: 2025-07-08
Last updated on: 2025-07-14
Assigner: MediaTek, Inc.
Description
In Bluetooth FW, there is a possible system crash due to an uncaught exception. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS09752821; Issue ID: MSV-3342.
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| mediatek | software_development_kit | up to and including 3.7 |
| android | 13.0 | |
| android | 14.0 | |
| android | 15.0 | |
| openwrt | openwrt | 21.02.0 |
| openwrt | openwrt | 23.05 |
| mediatek | mt2718 | * |
| mediatek | mt6639 | * |
| mediatek | mt6653 | * |
| mediatek | mt6985 | * |
| mediatek | mt6989 | * |
| mediatek | mt6990 | * |
| mediatek | mt6991 | * |
| mediatek | mt7925 | * |
| mediatek | mt7927 | * |
| mediatek | mt8113 | * |
| mediatek | mt8115 | * |
| mediatek | mt8127 | * |
| mediatek | mt8163 | * |
| mediatek | mt8168 | * |
| mediatek | mt8169 | * |
| mediatek | mt8173 | * |
| mediatek | mt8183 | * |
| mediatek | mt8186 | * |
| mediatek | mt8188 | * |
| mediatek | mt8195 | * |
| mediatek | mt8196 | * |
| mediatek | mt8370 | * |
| mediatek | mt8390 | * |
| mediatek | mt8391 | * |
| mediatek | mt8395 | * |
| mediatek | mt8512 | * |
| mediatek | mt8516 | * |
| mediatek | mt8519 | * |
| mediatek | mt8676 | * |
| mediatek | mt8678 | * |
| mediatek | mt8695 | * |
| mediatek | mt8696 | * |
| mediatek | mt8698 | * |
| mediatek | mt8786 | * |
| mediatek | mt8792 | * |
| mediatek | mt8796 | * |
| mediatek | mt8893 | * |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-124 | The product writes to a buffer using an index or pointer that references a memory location prior to the beginning of the buffer. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is in Bluetooth firmware where an uncaught exception can cause the system to crash. It can be exploited remotely without needing any user interaction or additional execution privileges, leading to a denial of service.
How can this vulnerability impact me?
The vulnerability can cause a remote denial of service by crashing the system, potentially disrupting normal operations and availability of the affected device or service.