MediaTek has issued urgent security advisories warning of multiple high-severity vulnerabilities in its system-on-chip (SoC) architectures, including flaws that enable local privilege escalation (LPE) and remote code execution (RCE).
The March 2025 Product Security Bulletin highlights three high-severity vulnerabilities (CVE-2025-20644, CVE-2025-20645, and CVE-2025-20646) affecting modem firmware, cryptographic key management, and Wi-Fi subsystems.
These vulnerabilities impact over 37% of global smartphones and IoT devices using MediaTek’s MT67xx, MT68xx, and MT69xx series chipsets.
High Severity Vulnerabilities
Modem Memory Corruption (CVE-2025-20644)
This high-severity flaw resides in MediaTek’s modem software stack, where improper syntactic validation leads to memory corruption.
Attackers controlling rogue base stations could exploit this vulnerability to trigger remote denial-of-service (DoS) conditions, potentially knocking devices offline without user interaction.
Affected chipsets include the MT6833P (Dimensity 700 series) and MT6895TT (Dimensity 9000 series), widely used in mid-range 5G smartphones.
KeyInstall Bounds Check Bypass (CVE-2025-20645)
A missing bounds check in the KeyInstall component allows out-of-bounds writes, enabling attackers with system-level privileges to execute arbitrary code.
Successful exploitation undermines Android’s SELinux protections, granting persistent access to sensitive subsystems like Secure World TEE (Trusted Execution Environment).
This vulnerability affects devices running Android 14 and 15, including MediaTek’s automotive-grade MT2712 SoCs.
WLAN Firmware Exploit (CVE-2025-20646)
The WLAN Access Point firmware contains an out-of-bounds write vulnerability exploitable via malicious Wi-Fi frames.
Attackers within Wi-Fi range can achieve remote privilege escalation without user interaction, compromising devices through unpatched Wi-Fi drivers in chips like the MT7663 (common in smart home hubs) and MT7986 (used in enterprise routers).
Secondary Vulnerabilities and Impact
The bulletin also details seven medium-severity flaws, including CVE-2025-20647, a null pointer dereference in modem software that crashes devices connected to malicious base stations.
Additionally, CVE-2025-20630 enables adjacent-network RCE in MediaTek’s MT7603 and MT7622 Wi-Fi SoCs, posing risks to industrial IoT deployments.
These vulnerabilities compound existing risks from earlier disclosures, such as CVE-2024-20154, a critical modem flaw patched in January 2025 that allowed RCE via a rogue cellular tower.
Mitigations
MediaTek has distributed patches to OEMs, who are expected to roll out firmware updates by Q2 2025.
The UAE Cyber Security Council recommends immediate network segmentation for critical infrastructure using affected chipsets and continuous monitoring for anomalous base station associations.
For end-users, disabling Wi-Fi Auto-Connect and applying OS updates mitigates WLAN and KeyInstall exploits.
Enterprises leveraging MediaTek’s Genio 1200 AIoT platforms should audit SDK versions, as vulnerabilities in 7.6.7.0 and earlier SDKs remain unpatched in legacy deployments.
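As an added example (not MediaTek's tooling or code from the bulletin), the following Python script audits a constructed device inventory against the SDK threshold stated above, 7.6.7.0 and earlier. The inventory records, hostnames and helper names are assumptions. The point it demonstrates is that version components must be compared numerically: plain string comparison would classify 7.10.2.0 as older than 7.6.7.0 and flag a patched device, while a version such as 7.6.7 (no fourth component) must still count as affected.

```python
"""Audit a constructed Genio device inventory against the SDK threshold
quoted in the article (SDK 7.6.7.0 and earlier affected).

Added example; not MediaTek's code. Hostnames, records and helper names
are assumptions made for illustration.
"""
from dataclasses import dataclass

# Threshold taken from the article: SDK versions 7.6.7.0 and earlier are affected.
AFFECTED_MAX_SDK = "7.6.7.0"


@dataclass(frozen=True)
class Device:
    hostname: str
    platform: str
    sdk_version: str


# Constructed sample inventory (not real hosts).
INVENTORY = [
    Device("edge-cam-01", "Genio 1200", "7.6.7.0"),   # exactly at threshold
    Device("edge-cam-02", "Genio 1200", "7.10.2.0"),  # newer, trips string compare
    Device("gateway-03", "Genio 1200", "7.6.5.1"),    # older
    Device("kiosk-04", "Genio 1200", "8.0.0.0"),      # newer major
    Device("sensor-05", "Genio 1200", "7.6.7"),       # short form, same as 7.6.7.0
    Device("router-06", "MT7986", "7.6.0.0"),         # threshold applies to Genio only
]


def parse_version(version: str) -> tuple[int, ...]:
    """Split a dotted version into integer components so comparison is numeric."""
    parts = version.strip().split(".")
    if not parts or not all(p.isdigit() for p in parts):
        raise ValueError(f"unparseable version: {version!r}")
    return tuple(int(p) for p in parts)


def compare_versions(a: str, b: str) -> int:
    """Return -1, 0 or 1 for a < b, a == b, a > b after zero-padding to equal length."""
    pa, pb = parse_version(a), parse_version(b)
    width = max(len(pa), len(pb))
    pa += (0,) * (width - len(pa))
    pb += (0,) * (width - len(pb))
    return (pa > pb) - (pa < pb)


def is_affected(sdk_version: str, max_affected: str = AFFECTED_MAX_SDK) -> bool:
    """True when the SDK version is at or below the affected threshold."""
    return compare_versions(sdk_version, max_affected) <= 0


def naive_is_affected(sdk_version: str, max_affected: str = AFFECTED_MAX_SDK) -> bool:
    """The pitfall: lexicographic string comparison ('1' < '6' makes 7.10 look old)."""
    return sdk_version <= max_affected


def audit(inventory: list[Device]) -> list[str]:
    """Hostnames of Genio devices whose SDK is within the affected range."""
    return [
        d.hostname
        for d in inventory
        if d.platform.startswith("Genio") and is_affected(d.sdk_version)
    ]


if __name__ == "__main__":
    for host in audit(INVENTORY):
        print(f"{host}: SDK at or below {AFFECTED_MAX_SDK}, update required")
```

Running the script lists edge-cam-01, gateway-03 and sensor-05; edge-cam-02 is correctly left out, whereas `naive_is_affected("7.10.2.0")` would have flagged it.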
According to the report, with MediaTek powering 1.5 billion devices annually, these vulnerabilities threaten sectors from consumer electronics to healthcare.
Unpatched IoT devices, particularly those in smart cities and industrial control systems, face heightened risks of botnet recruitment or data exfiltration.
MediaTek’s coordinated disclosure aligns with MITRE’s 2024 ATT&CK Framework, emphasizing proactive defense against firmware-level exploits.
However, the wide range of affected chipsets—spanning smartphones, routers, and automotive systems—underscores the challenges of securing heterogeneous IoT ecosystems.
As attackers increasingly target hardware supply chains, MediaTek’s response sets a critical precedent for silicon vendors balancing rapid innovation with robust security hygiene.