CVE-2025-20730
BaseFortify
Publication date: 2025-11-04
Last updated on: 2025-11-05
Assigner: MediaTek, Inc.
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linuxfoundation | yocto | 4.0 |
| rdkcentral | rdk-b | 2024q1 |
| android | 13.0 | |
| android | 15.0 | |
| android | 16.0 | |
| openwrt | openwrt | 21.02.0 |
| openwrt | openwrt | 23.05.0 |
| mediatek | mt2737 | * |
| mediatek | mt6739 | * |
| mediatek | mt6761 | * |
| mediatek | mt6765 | * |
| mediatek | mt6768 | * |
| mediatek | mt6781 | * |
| mediatek | mt6789 | * |
| mediatek | mt6833 | * |
| mediatek | mt6835 | * |
| mediatek | mt6853 | * |
| mediatek | mt6855 | * |
| mediatek | mt6877 | * |
| mediatek | mt6878 | * |
| mediatek | mt6879 | * |
| mediatek | mt6883 | * |
| mediatek | mt6885 | * |
| mediatek | mt6886 | * |
| mediatek | mt6889 | * |
| mediatek | mt6893 | * |
| mediatek | mt6895 | * |
| mediatek | mt6897 | * |
| mediatek | mt6899 | * |
| mediatek | mt6983 | * |
| mediatek | mt6985 | * |
| mediatek | mt6989 | * |
| mediatek | mt6990 | * |
| mediatek | mt6991 | * |
| mediatek | mt8188 | * |
| mediatek | mt8195 | * |
| mediatek | mt8676 | * |
| mediatek | mt8678 | * |
| mediatek | mt8696 | * |
| android | 14.0 | |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-287 | When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is an escalation of privilege issue in the preloader component caused by an insecure default value. It allows a malicious actor who already has System privilege to further escalate their privileges locally without needing any user interaction.
How can this vulnerability impact me?
If exploited, this vulnerability could allow an attacker with System privilege to gain higher privileges on the affected system, potentially leading to unauthorized access or control over sensitive system functions.
What immediate steps should I take to mitigate this vulnerability?
Apply the patch identified as ALPS10068463 provided by the vendor to fix the insecure default value in the preloader and prevent local escalation of privilege.