MediaTek Issues Security Update to Patch Multiple Chipset Flaws
gbhackersMediaTek today published its September 2025 Product Security Bulletin, disclosing and remediating a series of critical and moderate vulnerabilities in its modem and system components.
The announcement highlights that all affected device OEMs have already received patches for at least two months, and there is currently no evidence of any exploit in the wild.
According to the bulletin, three high-severity flaws and three medium-severity flaws were discovered and evaluated under the Common Vulnerability Scoring System version 3.1 (CVSS v3.1).
The vulnerabilities could enable remote or local privilege escalation and denial-of-service conditions in MediaTek-based devices when connected to specially crafted or rogue base stations, or when an attacker already holds certain privileges on the device.
| CVE Identifier | Title | Severity | Exploitation Impact |
| CVE-2025-20708 | Out-of-bounds write in Modem | High | Remote privilege escalation via rogue base station |
| CVE-2025-20703 | Out-of-bounds read in Modem | High | Remote denial of service via rogue base station |
| CVE-2025-20704 ... |
Copyright of this story solely belongs to gbhackers . To see the full text click HERE