CVE-2025-20657 - NVD | ByteOS Network

NVD Vulnerability Details :

CVE-2025-20657

Analyzed

More Info Official Page

Source-security@mediatek.com

Published At-07 Apr, 2025 | 04:15

Updated At-18 Apr, 2025 | 16:11

In vdec, there is a possible permission bypass due to improper input validation. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS09486425; Issue ID: MSV-2609.

Metrics

Type	Version	Base score	Base severity	Vector
Secondary	3.1	6.7	MEDIUM	CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CPE Matches

>>android>>12.0

cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*

>>android>>15.0

cpe:2.3:o:google:android:15.0:*:*:*:*:*:*:*

cpe:2.3:h:mediatek:mt6765:-:*:*:*:*:*:*:*

cpe:2.3:h:mediatek:mt6768:-:*:*:*:*:*:*:*

cpe:2.3:h:mediatek:mt6781:-:*:*:*:*:*:*:*

cpe:2.3:h:mediatek:mt6789:-:*:*:*:*:*:*:*

cpe:2.3:h:mediatek:mt6833:-:*:*:*:*:*:*:*

cpe:2.3:h:mediatek:mt6853:-:*:*:*:*:*:*:*

cpe:2.3:h:mediatek:mt6877:-:*:*:*:*:*:*:*

cpe:2.3:h:mediatek:mt6885:-:*:*:*:*:*:*:*

cpe:2.3:h:mediatek:mt8768:-:*:*:*:*:*:*:*

cpe:2.3:h:mediatek:mt8771:-:*:*:*:*:*:*:*

cpe:2.3:h:mediatek:mt8781:-:*:*:*:*:*:*:*

cpe:2.3:h:mediatek:mt8786:-:*:*:*:*:*:*:*

cpe:2.3:h:mediatek:mt8791t:-:*:*:*:*:*:*:*

Weaknesses

CWE ID	Type	Source
CWE-787	Secondary	security@mediatek.com
CWE-787	Primary	nvd@nist.gov

References

Hyperlink	Source	Resource
https://corp.mediatek.com/product-security-bulletin/April-2025	security@mediatek.com	Vendor Advisory