CVE-2025-20796
BaseFortify
Publication date: 2026-01-06
Last updated on: 2026-01-08
Assigner: MediaTek, Inc.
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| android | 15.0 | |
| mediatek | mt6989 | * |
| mediatek | mt8796 | * |
| mediatek | mt8893 | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-1285 | The product receives input that is expected to specify an index, position, or offset into an indexable resource such as a buffer or file, but it does not validate or incorrectly validates that the specified index/position/offset has the required properties. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is an out of bounds write in the imgsys component caused by improper input validation. It can be exploited locally by a malicious actor who already has System privilege, potentially leading to escalation of privileges. Exploitation requires user interaction.
How can this vulnerability impact me? :
If exploited, this vulnerability could allow a malicious user with System privilege to escalate their privileges further, potentially gaining higher access or control over the system. However, exploitation requires user interaction and prior System privilege.
What immediate steps should I take to mitigate this vulnerability?
Apply the patch identified as ALPS10314745 to fix the vulnerability in imgsys. Since exploitation requires user interaction and local System privilege, ensure that only trusted users have such privileges and monitor for any suspicious activity.