CVE-2025-20746: CWE-121 Stack Overflow in MediaTek, Inc. MT2718, MT2737, MT6835, MT6878, MT6886, MT6897, MT6899, MT6982, MT6985, MT6986, MT6986D, MT6989, MT6990, MT6991, MT8676, MT8678, MT8755, MT8893
In gnss service, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10010441; Issue ID: MSV-3967.
AI Analysis
Technical Summary
CVE-2025-20746 is a stack-based buffer overflow (CWE-121) in the GNSS (Global Navigation Satellite System) service shipped with a wide range of MediaTek chipsets: MT2718, MT2737, MT6835, MT6878, MT6886, MT6897, MT6899, MT6982, MT6985, MT6986, MT6986D, MT6989, MT6990, MT6991, MT8676, MT8678, MT8755, and MT8893. Note that CWE-121 denotes an overflow of a fixed-size buffer on the stack, not stack exhaustion, so the "Stack Overflow" in the title should be read that way. The root cause is an incorrect bounds check: a length or index that should have been rejected is accepted, and the following write runs past the end of a stack buffer. Overwriting adjacent stack contents (neighbouring locals, saved registers, or a return address) can give an attacker control of execution inside the GNSS service, which is how an out-of-bounds write becomes a local privilege escalation. No user interaction is required, but the attacker must already run with System privileges on the device, so in practice this bug is a second stage chained after an initial compromise rather than an entry point. According to the advisory, the affected software platforms on these chipsets are Android 14.0 and 15.0, openWRT 21.02 and 23.05, Yocto 4.0, RDK-B 24Q1, and Zephyr 3.7.0. No public exploit has been observed, and the CVE record carries no CVSS score (the CVSS version field is null). The vendor references patch ID ALPS10010441 and issue ID MSV-3967; MediaTek patch IDs refer to fixes it provides to device manufacturers, so whether a particular product is fixed depends on that manufacturer shipping a firmware update. The flaw matters beyond phones because the same chipsets are used in embedded and IoT devices across consumer electronics, telecommunications equipment, and industrial products.
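The advisory only says "incorrect bounds check", so the following is an added, hypothetical C example of the bug class rather than MediaTek's GNSS code. It models a GNSS sentence being copied into a fixed on-stack buffer with a check that is off by one and signed, beside the hardened check. The buffer size (82), the guard bytes standing in for saved registers, and the 'A'-filled payload are all constructed for the example; the guard lives in the same struct as the buffer so the one-byte overwrite can be measured without crashing the process.

```c
/* Illustrative CWE-121 bug and fix: an incorrect bounds check on a length
 * taken from untrusted input lets a write run one byte past a fixed stack
 * buffer. Hypothetical code added for this page; not MediaTek's GNSS source. */
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define SENTENCE_MAX 82u   /* assumed capacity of the on-stack sentence buffer */
#define GUARD_LEN    8u
#define GUARD_BYTE   0xAAu

/* Stand-in for a stack frame: the fixed buffer followed by bytes that in a
 * real frame hold saved registers or the return address. Keeping both in one
 * struct means the overflow lands inside a single object, so the damage can
 * be measured without crashing. No padding: both members are char arrays. */
struct frame {
    char          buf[SENTENCE_MAX];
    unsigned char guard[GUARD_LEN];
};

static void frame_init(struct frame *f) {
    memset(f->buf, 0, sizeof f->buf);
    memset(f->guard, GUARD_BYTE, sizeof f->guard);
}

/* Number of guard bytes overwritten; 0 means the frame is intact. */
static size_t frame_damage(const struct frame *f) {
    size_t n = 0;
    for (size_t i = 0; i < GUARD_LEN; i++)
        if (f->guard[i] != GUARD_BYTE) n++;
    return n;
}

/* VULNERABLE bounds check: off by one (len == SENTENCE_MAX is accepted even
 * though a terminator is written after the payload) and signed, so a negative
 * length also passes and would become a huge size_t in memcpy. */
static bool vuln_length_ok(int len) {
    return len <= (int)SENTENCE_MAX;
}

/* HARDENED bounds check: unsigned, and strict so the terminator fits. */
static bool fixed_length_ok(size_t len) {
    return len < SENTENCE_MAX;
}

/* Vulnerable copy. The byte view of the frame is used deliberately so the
 * out-of-bounds terminator write stays within the struct object here; in
 * real code it would simply be buf[len] = '\0' past the end of the array. */
static int copy_sentence_vuln(struct frame *f, const char *src, int len) {
    if (!vuln_length_ok(len))
        return -1;
    unsigned char *base = (unsigned char *)f;
    memcpy(base, src, (size_t)len);
    base[len] = '\0';            /* len == SENTENCE_MAX hits guard[0] */
    return 0;
}

/* Hardened copy: rejects anything that does not leave room for '\0'. */
static int copy_sentence_fixed(struct frame *f, const char *src, size_t len) {
    if (!fixed_length_ok(len))
        return -1;
    memcpy(f->buf, src, len);
    f->buf[len] = '\0';
    return 0;
}

struct result {
    int    rc_vuln;
    size_t damage_vuln;
    int    rc_fixed;
    size_t damage_fixed;
};

/* Feed both versions a constructed sentence of `len` bytes of 'A' and report
 * whether each accepted it and how many guard bytes it clobbered. */
static struct result run_case(size_t len) {
    static char payload[256];
    memset(payload, 'A', sizeof payload);
    struct frame f;
    struct result r;

    frame_init(&f);
    r.rc_vuln = copy_sentence_vuln(&f, payload, (int)len);
    r.damage_vuln = frame_damage(&f);

    frame_init(&f);
    r.rc_fixed = copy_sentence_fixed(&f, payload, len);
    r.damage_fixed = frame_damage(&f);
    return r;
}

int main(void) {
    struct result r = run_case(SENTENCE_MAX);
    printf("len=%u: vuln rc=%d guard bytes damaged=%zu | fixed rc=%d damaged=%zu\n",
           SENTENCE_MAX, r.rc_vuln, r.damage_vuln, r.rc_fixed, r.damage_fixed);
    printf("vuln check accepts len=-1: %s\n", vuln_length_ok(-1) ? "yes" : "no");
    return 0;
}
```

With a sentence of exactly 82 bytes the vulnerable path accepts the input and the terminator overwrites the first guard byte, which in a real frame is the start of whatever sits above the buffer; the hardened path rejects the same input. The signed check is the second trap: a negative length passes `len <= 82` and only fails inside memcpy, which is why the fixed version takes a size_t. Stack canaries would catch the overwrite at function return, but only if the firmware was built with the protector enabled, and only after the write has already happened.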
Potential Impact
For European organizations, the impact of CVE-2025-20746 can be significant in sectors that depend on MediaTek-powered devices, such as telecommunications, IoT infrastructure, and embedded systems. An attacker who already holds System privileges could use the flaw to escalate further, potentially leading to full device compromise, unauthorized data access, or disruption of the services the device provides. That affects confidentiality, integrity, and availability, particularly where devices are used for navigation, communication, or control functions. Because no user interaction is needed, the escalation step can be fully automated by malware that has already gained the System prerequisite, making it stealthy once that foothold exists. Organizations could face operational disruptions, data breaches, or compliance issues if vulnerable devices are exploited. The breadth of affected chipsets and software platforms means the flaw may be present in products that are not obviously "MediaTek devices", so European entities should check their device inventories against the chipset list and patch accordingly.
Mitigation Recommendations
1. Apply the firmware update from each device manufacturer that incorporates MediaTek patch ALPS10010441; check the manufacturer's release notes or the MediaTek security bulletin for CVE-2025-20746, since the fix reaches end devices only through the manufacturer's update.
2. Inventory devices built on the chipsets listed in the advisory, including routers, gateways, and embedded products, not just handsets, to identify vulnerable endpoints.
3. Make the System prerequisite harder to obtain: keep devices on a current security patch level, restrict sideloading and which apps can hold privileged permissions, and on embedded builds avoid running application code as the system user when a less privileged one will do.
4. Monitor devices running affected firmware or OS versions for signs of privilege escalation attempts, such as repeated crashes of the GNSS service process or unexpected processes running with elevated privileges.
5. Where you build the firmware yourself (Yocto, openWRT, Zephyr), compile with stack protection (for example -fstack-protector-strong) and keep non-executable stack and ASLR enabled where the platform supports them; these raise the cost of exploiting a stack overflow but do not remove the bug, so they complement rather than replace the patch.
6. For IoT and embedded devices, enable secure boot and firmware integrity checks so that an attacker who does escalate cannot persist through unauthorized firmware modifications.
7. Track threat intelligence feeds for any emerging exploits targeting this vulnerability; none has been observed publicly at the time of writing.
8. Brief security teams on the specific nature of this vulnerability, in particular the chained-privilege requirement, to improve incident response readiness.
Affected Countries
Germany, France, United Kingdom, Italy, Spain, Netherlands, Poland, Sweden, Finland, Belgium
Technical Details
Data Version: 5.2
Assigner Short Name: MediaTek
Date Reserved: 2024-11-01T01:21:50.396Z
CVSS Version: null
State: PUBLISHED
Threat ID: 6909a1aad66f5e62e384935d
Added to database: 11/4/2025, 6:48:10 AM
Last enriched: 11/4/2025, 6:54:39 AM
Last updated: 11/4/2025, 2:10:26 PM