CVE-2025-20746: CWE-121 Stack Overflow in MediaTek, Inc. MT2718, MT2737, MT6835, MT6878, MT6886, MT6897, MT6899, MT6982, MT6985, MT6986, MT6986D, MT6989, MT6990, MT6991, MT8676, MT8678, MT8755, MT8893
In gnss service, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10010441; Issue ID: MSV-3967.
AI Analysis
Technical Summary
CVE-2025-20746 is a stack overflow vulnerability categorized under CWE-121, discovered in the GNSS (Global Navigation Satellite System) service of numerous MediaTek chipsets, including MT2718, MT2737, MT6835, MT6878, MT6886, MT6897, MT6899, MT6982, MT6985, MT6986, MT6986D, MT6989, MT6990, MT6991, MT8676, MT8678, MT8755, and MT8893. The root cause is an incorrect bounds check that allows an out-of-bounds write on the stack, which can corrupt memory and lead to privilege escalation. The vulnerability requires the attacker to have already obtained System-level privileges, meaning it is not an initial entry vector but can be used to further elevate privileges locally without user interaction. Affected platforms include Android versions 14 and 15, OpenWrt 21.02 and 23.05, Yocto 4.0, RDK-B 24Q1, and Zephyr 3.7.0, indicating a broad impact across embedded and IoT operating systems. The CVSS v3.1 score is 6.7 (medium severity), reflecting high impact on confidentiality, integrity, and availability but limited by the requirement for high privileges and local access. No public exploits have been reported yet, but the vulnerability poses a significant risk for devices using these chipsets, especially in telecommunications and consumer electronics. The vendor has assigned Patch ID ALPS10010441 and Issue ID MSV-3967 for remediation. Exploitation could allow attackers to execute arbitrary code with elevated privileges, potentially compromising device security and stability.
Potential Impact
The primary impact of CVE-2025-20746 is local privilege escalation on devices using affected MediaTek chipsets. An attacker with System-level privileges can exploit the stack overflow to gain higher privileges, potentially leading to full control over the device. This can compromise confidentiality by exposing sensitive data, integrity by allowing unauthorized code execution or modification of system components, and availability by causing system crashes or denial of service. Given the affected platforms include widely used embedded and IoT operating systems, the vulnerability could impact a broad range of consumer electronics, telecommunications equipment, and industrial devices. This could lead to compromised user privacy, disruption of critical services, and increased risk of persistent malware infections. Organizations deploying devices with these chipsets may face operational disruptions and reputational damage if exploited. The lack of required user interaction facilitates stealthy exploitation once initial access is obtained. Although no exploits are currently known in the wild, the vulnerability's presence in foundational GNSS services increases the risk profile for location-based services and device integrity.
Mitigation Recommendations
To mitigate CVE-2025-20746, organizations should prioritize applying the vendor-provided patch identified by Patch ID ALPS10010441 as soon as it becomes available. Until patches are deployed, restrict local access to devices running affected MediaTek chipsets to trusted personnel only, minimizing the risk of privilege escalation by malicious insiders or compromised accounts. Implement strict access controls and monitoring on systems with System-level privileges to detect anomalous behavior indicative of exploitation attempts. Employ runtime protections such as stack canaries, address space layout randomization (ASLR), and control flow integrity (CFI) where supported by the platform to reduce exploitation likelihood. Regularly update embedded and IoT device firmware and operating systems to incorporate security fixes. Conduct thorough security audits of GNSS-related services and components to identify any additional weaknesses. For organizations deploying devices in sensitive environments, consider network segmentation and device isolation to limit lateral movement in case of compromise. Finally, maintain incident response readiness to quickly address any exploitation attempts.
Affected Countries
United States, China, India, South Korea, Japan, Germany, United Kingdom, France, Taiwan, Brazil, Russia, Canada, Australia, Singapore, Italy
Technical Details
- Data Version: 5.2
- Assigner Short Name: MediaTek
- Date Reserved: 2024-11-01T01:21:50.396Z
- Cvss Version: null
- State: PUBLISHED
Threat ID: 6909a1aad66f5e62e384935d
Added to database: 11/4/2025, 6:48:10 AM
Last enriched: 2/27/2026, 12:39:38 AM
Last updated: 3/26/2026, 10:22:50 AM
Views: 126