CVE-2025-20694 is a medium-severity buffer underflow vulnerability (CWE-124) found in the Bluetooth firmware of multiple MediaTek chipsets, including MT2718, MT6639, MT6653, MT6985, MT6989, MT6990, MT6991, MT7925, MT7927, MT8113, MT8115, MT8127, MT8163, MT8168, MT8169, MT8173, MT8183, MT8186, MT8188, MT8195, MT8196, MT8370, MT8390, MT8391, MT8395, MT8512, MT8516, MT8519, MT8676, MT8678, MT8695, MT8696, MT8698, MT8786, MT8792, MT8796, and MT8893. The vulnerability arises from an uncaught exception caused by a buffer underflow condition within the Bluetooth firmware, which can lead to a system crash. Exploitation does not require any user interaction or authentication, and can be triggered remotely over Bluetooth. The affected software versions include Android 13.0, 14.0, and 15.0, SDK release 3.7 and earlier, and openWRT versions 21.02 and 23.05. The CVSS v3.1 base score is 6.5 (medium severity), with an attack vector of adjacent network (Bluetooth), low attack complexity, no privileges required, no user interaction, unchanged scope, no impact on confidentiality or integrity, but high impact on availability due to denial of service. No known exploits are currently reported in the wild. The vulnerability is identified as MSV-3342 by MediaTek, with patch ID ALPS09752821 available, though no direct patch links were provided in the source information. This vulnerability could be leveraged by an attacker within Bluetooth range to cause a denial of service on affected devices by crashing the system firmware, potentially disrupting device availability and Bluetooth-dependent functionalities.

For European organizations, this vulnerability poses a risk primarily to devices using affected MediaTek chipsets with vulnerable Bluetooth firmware. Given the widespread use of MediaTek chipsets in smartphones, IoT devices, embedded systems, and networking equipment, organizations relying on such devices could face service disruptions. The denial of service could impact critical business operations that depend on Bluetooth connectivity, such as wireless peripherals, access control systems, and industrial IoT sensors. Although the vulnerability does not allow privilege escalation or data compromise, the availability impact could lead to operational downtime, increased support costs, and potential safety risks in environments relying on Bluetooth-enabled devices. The lack of required user interaction and remote exploitability increases the risk in environments with many Bluetooth-enabled devices in close proximity, such as offices, manufacturing floors, and public spaces. Additionally, the presence of this vulnerability in openWRT firmware versions suggests that routers and network devices could be affected, potentially impacting network availability and stability.

European organizations should prioritize the following mitigation steps: 1) Identify and inventory all devices using the affected MediaTek chipsets and firmware versions, including smartphones, IoT devices, and networking equipment running openWRT 21.02 or 23.05. 2) Apply vendor-provided patches or firmware updates as soon as they become available, referencing MediaTek patch ID ALPS09752821 and monitoring vendor advisories for updates. 3) Where immediate patching is not possible, implement network segmentation and Bluetooth access controls to limit exposure, such as disabling Bluetooth on devices where it is not essential or restricting Bluetooth usage to trusted devices only. 4) Employ Bluetooth monitoring tools to detect unusual connection attempts or repeated connection failures that may indicate exploitation attempts. 5) For critical infrastructure, consider deploying intrusion detection systems capable of monitoring Bluetooth traffic anomalies. 6) Educate users and IT staff about the risks of leaving Bluetooth enabled unnecessarily and encourage disabling Bluetooth when not in use. 7) Coordinate with device manufacturers and suppliers to ensure timely firmware updates and vulnerability management. These targeted actions go beyond generic advice by focusing on inventory management, access control, monitoring, and vendor coordination specific to this Bluetooth firmware vulnerability.