CVE-2025-20643
LOWDescription
In DA, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure, if an attacker has physical access to the device, if a malicious actor has already obtained the System privilege. User interaction is needed for exploitation. Patch ID: ALPS09291146; Issue ID: MSV-2056.
CVSS v3.1 Score
Weakness Type (CWE)
Affected Products
| Vendor | Product |
|---|---|
| android | |
| android | |
| android | |
| android | |
| mediatek | mt6739 |
| mediatek | mt6761 |
| mediatek | mt6765 |
| mediatek | mt6768 |
| mediatek | mt6771 |
| mediatek | mt6779 |
| mediatek | mt6781 |
| mediatek | mt6785 |
| mediatek | mt6833 |
| mediatek | mt6853 |
| mediatek | mt6873 |
| mediatek | mt6877 |
| mediatek | mt6885 |
| mediatek | mt6893 |
| mediatek | mt8167 |
| mediatek | mt8167s |
| mediatek | mt8175 |
| mediatek | mt8185 |
| mediatek | mt8195 |
| mediatek | mt8321 |
| mediatek | mt8362a |
| mediatek | mt8365 |
| mediatek | mt8385 |
| mediatek | mt8395 |
| mediatek | mt8666 |
| mediatek | mt8667 |
| mediatek | mt8673 |
| mediatek | mt8675 |
| mediatek | mt8678 |
| mediatek | mt8765 |
| mediatek | mt8766 |
| mediatek | mt8768 |
| mediatek | mt8771 |
| mediatek | mt8775 |
| mediatek | mt8781 |
| mediatek | mt8786 |
| mediatek | mt8788 |
| mediatek | mt8789 |
| mediatek | mt8791t |
| mediatek | mt8795t |
| mediatek | mt8797 |
| mediatek | mt8798 |
| mediatek | mt8893 |
References
Advisories & Patches
Frequently Asked Questions
What is CVE-2025-20643? +
How severe is CVE-2025-20643? +
What products are affected by CVE-2025-20643? +
How do I check if I'm vulnerable to CVE-2025-20643? +
Related Vulnerabilities
This vulnerability exists in Meon KYC solutions due to debug mode is enabled in certain API endpoints. A remote attacker …
Backpropagate is a Python library for fine-tuning large language models on a single GPU. In versions 1.1.0 and 1.1.1, the …
ai-client-html is an Aimeos e-commerce HTML client component. Debug information revealed sensitive information from environment variables in error log. This …
Debug Messages Revealing Unnecessary Information vulnerability in TLA Media GTM Kit gtm-kit allows Retrieve Embedded Sensitive Data.This issue affects GTM …
C300 information leak due to an analysis feature which allows extracting more memory over the network than required by the …
Apache Airflow versions before 2.10.3 contain a vulnerability that could expose sensitive configuration variables in task logs. This vulnerability allows …