CVE-2025-20656

In DA, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege, if an attacker has physical access to the device, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS09625423; Issue ID: MSV-3033.

Published: Apr 7, 2025
Updated: May 4, 2025
CVE: CVE-2025-20656
Exploit:

No technical information available.

CWEs:

CWE-787

Affected Software
References

Software	From	Fixed in
linuxfoundation / yocto	4.0	4.0.x
rdkcentral / rdk-b	2024q1	2024q1.x
google / android	12.0	12.0.x
google / android	13.0	13.0.x
google / android	14.0	14.0.x
google / android	15.0	15.0.x
openwrt / openwrt	21.02.0	21.02.0.x
openwrt / openwrt	23.05	23.05.x

https://corp.mediatek.com/product-security-bulletin/April-2025

Vulnerability Database

289,599

CVE-2025-20656