CVE-2025-20652 | MediaTek MT8893 V5 DA out-of-bounds (MSV-2052 / ALPS09291215)

A vulnerability was found in MediaTek MT6580, MT6739, MT6761, MT6765, MT6768, MT6771, MT6779, MT6781, MT6785, MT6833, MT6853, MT6873, MT6877, MT6885, MT6893, MT8167, MT8167S, MT8175, MT8185, MT8195, MT8321, MT8362A, MT8365, MT8385, MT8395, MT8666, MT8667, MT8673, MT8675, MT8678, MT8765, MT8766, MT8768, MT8771, MT8775, MT8781, MT8786, MT8788, MT8789, MT8791T, MT8795T, MT8797, MT8798 and MT8893 and classified as problematic. Affected by this issue is some unknown functionality of the component V5 DA. The manipulation leads to out-of-bounds read.

This vulnerability is handled as CVE-2025-20652. It is possible to launch the attack on the physical device. There is no exploit available.

It is recommended to apply a patch to fix this issue.

CVE-2025-20652 | MediaTek MT8893 V5 DA out-of-bounds (MSV-2052 / ALPS09291215)

Post correlati

CVE-2024-2197 | Chirp Access hard-coded credentials (icsa-24-067-01)

CVE-2024-7158 | TOTOLINK A3100R 4.1.2cu.5050_B20200504 HTTP POST Request /cgi-bin/cstecgi.cgi setTelnetCfg telnet_enabled command injection

CVE-2024-5594 | OpenVPN up to 2.6.10 PUSH_REPLY Message improper validation of specified type of input

CVE-2024-11122 | 上海灵当信息科技有限公司 Lingdang CRM up to 8.6.4.3 index.php?msgid=1&operation=upload file unrestricted upload