CVE-2025-20743

Summary

In clkdbg, there is a possible escalation of privilege due to use after free. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10136671; Issue ID: MSV-4651.

Affected Software

VendorProductVersion RangeStatus
MediaTek, Inc.MT2718, MT6761, MT6765, MT6768, MT6781, MT6853, MT6877, MT6886, MT6893, MT6897, MT6899, MT6983, MT6989, MT6991, MT8113, MT8163, MT8168, MT8169, MT8183, MT8186, MT8188, MT8195, MT8196, MT8321, MT8365, MT8385, MT8390, MT8391, MT8512, MT8516, MT8519, MT8676, MT8678, MT8695, MT8696, MT8698, MT8755, MT8766, MT8768, MT8771, MT8775, MT8781, MT8786, MT8788E, MT8791T, MT8792, MT8793, MT8796, MT8797, MT8798, MT8873, MT8883, MT8893Android 14.0, 15.0, 16.0affected

Weaknesses

  • CWE-416: CWE-416 Use After Free

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References