CVE-2025-20695
BaseFortify
Publication date: 2025-07-08
Last updated on: 2025-07-14
Assigner: MediaTek, Inc.
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| mediatek | software_development_kit | to 3.7 (inc) |
| android | 13.0 | |
| android | 15.0 | |
| openwrt | openwrt | 21.02.0 |
| openwrt | openwrt | 23.05 |
| mediatek | mt6639 | * |
| mediatek | mt6653 | * |
| mediatek | mt6985 | * |
| mediatek | mt6989 | * |
| mediatek | mt6990 | * |
| mediatek | mt6991 | * |
| mediatek | mt7925 | * |
| mediatek | mt7927 | * |
| mediatek | mt8196 | * |
| mediatek | mt8678 | * |
| mediatek | mt8796 | * |
| android | 14.0 | |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-124 | The product writes to a buffer using an index or pointer that references a memory location prior to the beginning of the buffer. |
| CWE-787 | The product writes data past the end, or before the beginning, of the intended buffer. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is in Bluetooth firmware where an uncaught exception can cause the system to crash. It can be exploited remotely without needing any user interaction or additional execution privileges.
How can this vulnerability impact me?
The impact is a remote denial of service (DoS): an attacker can crash the system and make it unavailable, without requiring user interaction or elevated privileges.
What immediate steps should I take to mitigate this vulnerability?
Apply the patch identified as ALPS09741871 provided by the vendor to fix the Bluetooth firmware vulnerability and prevent potential system crashes and remote denial of service.