CVE-2025-20723 is a vulnerability classified under CWE-787 (Out-of-bounds Write) affecting the GNSS (Global Navigation Satellite System) driver in multiple MediaTek chipsets, including MT6835, MT6878, MT6886, MT6897, MT6899, MT6985, MT6989, MT6991, MT8676, MT8678, MT8775, MT8791T, MT8796, and MT8873. These chipsets are integrated into devices running Android 14 and 15. The root cause is an incorrect bounds check in the GNSS driver code, which leads to an out-of-bounds write condition. This flaw can be exploited locally by an attacker who has already obtained System-level privileges on the device, allowing them to escalate privileges further, potentially gaining full control over the device. The vulnerability does not require user interaction, making exploitation easier once system access is achieved. The CVSS v3.1 score is 7.8, indicating high severity with impacts on confidentiality, integrity, and availability. Although no public exploits are known at this time, the vulnerability poses a significant risk due to the critical nature of the affected components and the widespread use of MediaTek chipsets in mobile and embedded devices. A patch has been identified (Patch ID: ALPS09920033), but no direct links are provided. The vulnerability was published on October 14, 2025, and was reserved since November 2024.

The vulnerability allows a local attacker with System privileges to perform an out-of-bounds write, which can lead to arbitrary code execution or corruption of critical memory structures. This can result in full privilege escalation, compromising device confidentiality, integrity, and availability. For organizations, this means that any compromised device with these MediaTek chipsets could be fully controlled by an attacker, potentially leading to data theft, persistent malware installation, or denial of service. Since the vulnerability affects Android 14 and 15 devices, it impacts modern smartphones and IoT devices using these chipsets. The lack of required user interaction increases the risk of automated or stealthy exploitation once initial access is gained. This could be particularly damaging in enterprise environments where devices are used for sensitive communications or access to corporate resources.

Organizations and users should prioritize applying the official patch (ALPS09920033) from MediaTek or device manufacturers as soon as it becomes available. Until patched, enforcing strict privilege separation and minimizing the number of applications or processes with System-level privileges can reduce exploitation risk. Employ runtime protections such as memory protection mechanisms (e.g., DEP, ASLR) and integrity monitoring to detect anomalous behavior. Regularly audit devices for signs of compromise, especially those running Android 14 or 15 on affected MediaTek chipsets. Device manufacturers should expedite firmware updates and communicate clearly with end users. Enterprises should consider restricting the use of vulnerable devices in high-security contexts and implement mobile device management (MDM) policies to enforce timely updates. Additionally, monitoring for unusual local privilege escalation attempts can help detect exploitation attempts early.