{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-03T18:51:58.987","vulnerabilities":[{"cve":{"id":"CVE-2025-20657","sourceIdentifier":"security@mediatek.com","published":"2025-04-07T04:15:19.577","lastModified":"2025-04-18T16:11:52.513","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In vdec, there is a possible permission bypass due to improper input validation. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS09486425; Issue ID: MSV-2609."},{"lang":"es","value":"En vdec, existe una posible omisión de permisos debido a una validación de entrada incorrecta. Esto podría provocar una escalada local de privilegios si un actor malicioso ya ha obtenido el privilegio de System. No se requiere la interacción del usuario para la explotación. ID de parche: ALPS09486425; ID de problema: MSV-2609."}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H","baseScore":6.7,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":0.8,"impactScore":5.9}]},"weaknesses":[{"source":"security@mediatek.com","type":"Secondary","description":[{"lang":"en","value":"CWE-787"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-787"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*","matchCriteriaId":"F8FB8EE9-FC56-4D5E-AE55-A5967634740C"},{"vulnerable":true,"criteria":"cpe:2.3:o:google:android:15.0:*:*:*:*:*:*:*","matchCriteriaId":"8538774C-906D-4B03-A3E7-FA7A55E0DA9E"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:mediatek:mt6765:-:*:*:*:*:*:*:*","matchCriteriaId":"43E779F6-F0A0-4153-9A1D-B715C3A2F80E"},{"vulnerable":false,"criteria":"cpe:2.3:h:mediatek:mt6768:-:*:*:*:*:*:*:*","matchCriteriaId":"06CD97E1-8A76-48B4-9780-9698EF5A960F"},{"vulnerable":false,"criteria":"cpe:2.3:h:mediatek:mt6781:-:*:*:*:*:*:*:*","matchCriteriaId":"C4EEE021-6B2A-47A0-AC6B-55525A40D718"},{"vulnerable":false,"criteria":"cpe:2.3:h:mediatek:mt6789:-:*:*:*:*:*:*:*","matchCriteriaId":"8B9B0D82-82C1-4A77-A016-329B99C45F49"},{"vulnerable":false,"criteria":"cpe:2.3:h:mediatek:mt6833:-:*:*:*:*:*:*:*","matchCriteriaId":"9814939B-F05E-4870-90C0-7C0F6BAAEB39"},{"vulnerable":false,"criteria":"cpe:2.3:h:mediatek:mt6853:-:*:*:*:*:*:*:*","matchCriteriaId":"366F1912-756B-443E-9962-224937DD7DFB"},{"vulnerable":false,"criteria":"cpe:2.3:h:mediatek:mt6877:-:*:*:*:*:*:*:*","matchCriteriaId":"7CA9352F-E9BD-4656-9B7C-4AFEE2C78E58"},{"vulnerable":false,"criteria":"cpe:2.3:h:mediatek:mt6885:-:*:*:*:*:*:*:*","matchCriteriaId":"DD64413C-C774-4C4F-9551-89E1AA9469EE"},{"vulnerable":false,"criteria":"cpe:2.3:h:mediatek:mt8768:-:*:*:*:*:*:*:*","matchCriteriaId":"1CC6E254-11A9-49CE-83FE-6DAC23E7D7AA"},{"vulnerable":false,"criteria":"cpe:2.3:h:mediatek:mt8771:-:*:*:*:*:*:*:*","matchCriteriaId":"0D09F23D-D023-4A60-B426-61251FDD8A5A"},{"vulnerable":false,"criteria":"cpe:2.3:h:mediatek:mt8781:-:*:*:*:*:*:*:*","matchCriteriaId":"533284E5-C3AF-48D3-A287-993099DB2E41"},{"vulnerable":false,"criteria":"cpe:2.3:h:mediatek:mt8786:-:*:*:*:*:*:*:*","matchCriteriaId":"9D2D5F91-6AAB-4516-AD01-5C60F58BA4A6"},{"vulnerable":false,"criteria":"cpe:2.3:h:mediatek:mt8791t:-:*:*:*:*:*:*:*","matchCriteriaId":"1BB05B1D-77C9-4E42-91AD-9F087413DC20"}]}]}],"references":[{"url":"https://corp.mediatek.com/product-security-bulletin/April-2025","source":"security@mediatek.com","tags":["Vendor Advisory"]}]}}]}