{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-20677", "assignerOrgId": "ee979b05-11f8-4f25-a7e0-a1fa9c190374", "state": "PUBLISHED", "assignerShortName": "MediaTek", "dateReserved": "2024-11-01T01:21:50.371Z", "datePublished": "2025-06-02T02:29:46.322Z", "dateUpdated": "2025-06-03T17:38:33.780Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "ee979b05-11f8-4f25-a7e0-a1fa9c190374", "shortName": "MediaTek", "dateUpdated": "2025-06-02T02:29:46.322Z"}, "descriptions": [{"lang": "en", "value": "In Bluetooth driver, there is a possible system crash due to an uncaught exception. This could lead to local denial of service with User execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00412256; Issue ID: MSV-3284."}], "affected": [{"vendor": "MediaTek, Inc.", "product": "MT7902, MT7921, MT7922, MT7925, MT7927", "versions": [{"version": "NB SDK release 3.6 and before", "status": "affected"}]}], "references": [{"url": "https://corp.mediatek.com/product-security-bulletin/June-2025"}], "problemTypes": [{"descriptions": [{"type": "CWE", "lang": "en", "cweId": "CWE-476", "description": "CWE-476 NULL Pointer Dereference"}]}]}, "adp": [{"metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2025-06-03T17:37:57.400126Z", "id": "CVE-2025-20677", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-06-03T17:38:33.780Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2025-20677", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-06-03T17:37:57.400126Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-06-03T17:38:16.999Z"}}], "cna": {"affected": [{"vendor": "MediaTek, Inc.", "product": "MT7902, MT7921, MT7922, MT7925, MT7927", "versions": [{"status": "affected", "version": "NB SDK release 3.6 and before"}]}], "references": [{"url": "https://corp.mediatek.com/product-security-bulletin/June-2025"}], "descriptions": [{"lang": "en", "value": "In Bluetooth driver, there is a possible system crash due to an uncaught exception. This could lead to local denial of service with User execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00412256; Issue ID: MSV-3284."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-476", "description": "CWE-476 NULL Pointer Dereference"}]}], "providerMetadata": {"orgId": "ee979b05-11f8-4f25-a7e0-a1fa9c190374", "shortName": "MediaTek", "dateUpdated": "2025-06-02T02:29:46.322Z"}}}, "cveMetadata": {"cveId": "CVE-2025-20677", "state": "PUBLISHED", "dateUpdated": "2025-06-03T17:38:33.780Z", "dateReserved": "2024-11-01T01:21:50.371Z", "assignerOrgId": "ee979b05-11f8-4f25-a7e0-a1fa9c190374", "datePublished": "2025-06-02T02:29:46.322Z", "assignerShortName": "MediaTek"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "In Bluetooth driver, there is a possible system crash due to an uncaught exception. This could lead to local denial of service with User execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00412256; Issue ID: MSV-3284."}, {"lang": "es", "value": "En el controlador Bluetooth, existe un posible fallo del sistema debido a una excepci\u00f3n no detectada. Esto podr\u00eda provocar una denegaci\u00f3n de servicio local, con privilegios de ejecuci\u00f3n de usuario requeridos. No se requiere la interacci\u00f3n del usuario para su explotaci\u00f3n. ID de parche: WCNCR00412256; ID de problema: MSV-3284."}], "id": "CVE-2025-20677", "lastModified": "2025-06-03T18:15:24.633", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2025-06-02T03:15:25.103", "references": [{"source": "security@mediatek.com", "url": "https://corp.mediatek.com/product-security-bulletin/June-2025"}], "sourceIdentifier": "security@mediatek.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-476"}], "source": "security@mediatek.com", "type": "Secondary"}]}

{}