
CVE-2025-20695: CWE-124 Buffer Underflow in MediaTek, Inc. MT6639, MT6653, MT6985, MT6989, MT6990, MT6991, MT7925, MT7927, MT8196, MT8678, MT8796

Severity: Medium
Tags: Vulnerability, CVE-2025-20695, CVE, CWE-124
Published: Tue Jul 08 2025 (07/08/2025, 02:00:41 UTC)
Source: CVE Database V5
Vendor/Project: MediaTek, Inc.
Product: MT6639, MT6653, MT6985, MT6989, MT6990, MT6991, MT7925, MT7927, MT8196, MT8678, MT8796

Description

In Bluetooth FW, there is a possible system crash due to an uncaught exception. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS09741871; Issue ID: MSV-3317.

AI-Powered Analysis

Last updated: 07/15/2025, 21:24:33 UTC

Technical Analysis

CVE-2025-20695 is a medium-severity vulnerability classified as a CWE-124 Buffer Underflow affecting multiple MediaTek Bluetooth firmware components, specifically in chipsets MT6639, MT6653, MT6985, MT6989, MT6990, MT6991, MT7925, MT7927, MT8196, MT8678, and MT8796. The flaw arises from an uncaught exception in the Bluetooth firmware that can cause a system crash, leading to a remote denial of service (DoS) condition. Exploitation does not require any user interaction or authentication, and the attacker can trigger the vulnerability remotely over the Bluetooth interface. The affected software versions include Android 13.0, 14.0, and 15.0, SDK release 3.7 and earlier, and openWRT versions 21.02 and 23.05. The vulnerability’s CVSS v3.1 base score is 6.5, reflecting a medium severity with the vector AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H, indicating that the attack requires adjacent network access (Bluetooth), no privileges or user interaction, and impacts availability only. No known exploits are currently reported in the wild, and a patch has been identified (ALPS09741871), though no direct patch links are provided. The root cause is a buffer underflow, which typically involves reading memory before the start of a buffer, leading to unpredictable behavior such as crashes. This vulnerability could be leveraged by attackers to disrupt device operation remotely, potentially affecting devices relying on these MediaTek chipsets for Bluetooth connectivity.

Potential Impact

For European organizations, this vulnerability poses a risk primarily to devices incorporating the affected MediaTek chipsets, including smartphones, IoT devices, and embedded systems running Android 13-15 or openWRT-based firmware. The remote denial of service could disrupt critical communications or device availability, particularly in environments relying on Bluetooth for operational continuity, such as manufacturing, healthcare, or logistics sectors. Although the vulnerability does not allow privilege escalation or data compromise, the loss of availability can interrupt business processes, degrade user experience, and potentially cause cascading failures in interconnected systems. Given the widespread use of MediaTek chipsets in consumer and industrial devices, organizations with large device fleets or Bluetooth-dependent infrastructure could face operational disruptions. The lack of required user interaction or authentication lowers the barrier for attackers within Bluetooth range, increasing the risk in densely populated or public environments. However, the attack vector is limited to adjacent network access, so remote exploitation beyond Bluetooth range is not feasible. The absence of known exploits reduces immediate risk but does not preclude future exploitation attempts.

Mitigation Recommendations

European organizations should prioritize deploying the official patch ALPS09741871 as soon as it becomes available from device manufacturers or firmware vendors. In the interim, organizations can mitigate risk by implementing strict Bluetooth access controls, such as disabling Bluetooth on devices where it is not essential, enforcing device pairing policies, and using Bluetooth monitoring tools to detect anomalous connection attempts. Network segmentation can limit exposure of critical systems to Bluetooth-enabled devices. Regular firmware and OS updates should be enforced to ensure timely application of security patches. Additionally, organizations should audit their device inventories to identify those using affected MediaTek chipsets and assess their exposure. For IoT and embedded devices where patching may be delayed or unsupported, consider deploying compensating controls like physical security measures or restricting device proximity to untrusted users. Security teams should also monitor threat intelligence feeds for any emerging exploits targeting this vulnerability and be prepared to respond to potential incidents involving Bluetooth-based denial of service.


Technical Details

Data Version: 5.1
Assigner Short Name: MediaTek
Date Reserved: 2024-11-01T01:21:50.381Z
CVSS Version: null
State: PUBLISHED

Threat ID: 686c84de6f40f0eb72f00037

Added to database: 7/8/2025, 2:39:26 AM

Last enriched: 7/15/2025, 9:24:33 PM

Last updated: 7/27/2025, 12:48:04 PM

