Common Weakness Enumeration

CWE-121

Allowed

Stack-based Buffer Overflow

Abstraction: Variant · Status: Draft

A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function).

5209 vulnerabilities reference this CWE, most recent first.

CVE-2025-23284 (GCVE-0-2025-23284)

Vulnerability from cvelistv5 – Published: 2025-08-02 22:16 – Updated: 2026-02-26 17:50
VLAI
Summary
NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager, where a malicious guest could cause a stack buffer overflow. A successful exploit of this vulnerability might lead to code execution, denial of service, information disclosure, or data tampering.
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
Assigner
Impacted products
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-23284",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-08-05T03:56:39.587554Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-02-26T17:50:07.252Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "GPU Display Drivers",
          "vendor": "NVIDIA",
          "versions": [
            {
              "status": "affected",
              "version": "R570"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eNVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager, where a malicious guest could cause a stack buffer overflow. A successful exploit of this vulnerability might lead to code execution, denial of service, information disclosure, or data tampering.\u003c/span\u003e\n\n\u003c/span\u003e"
            }
          ],
          "value": "NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager, where a malicious guest could cause a stack buffer overflow. A successful exploit of this vulnerability might lead to code execution, denial of service, information disclosure, or data tampering."
        }
      ],
      "impacts": [
        {
          "descriptions": [
            {
              "lang": "en",
              "value": "Code execution, denial of service, Information disclosure, data tampering"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-121",
              "description": "CWE-121",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-08-02T22:16:50.073Z",
        "orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
        "shortName": "nvidia"
      },
      "references": [
        {
          "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5670"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
    "assignerShortName": "nvidia",
    "cveId": "CVE-2025-23284",
    "datePublished": "2025-08-02T22:16:50.073Z",
    "dateReserved": "2025-01-14T01:06:25.307Z",
    "dateUpdated": "2026-02-26T17:50:07.252Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-23283 (GCVE-0-2025-23283)

Vulnerability from cvelistv5 – Published: 2025-08-02 22:13 – Updated: 2026-02-26 17:50
VLAI
Summary
NVIDIA vGPU software for Linux-style hypervisors contains a vulnerability in the Virtual GPU Manager, where a malicious guest could cause stack buffer overflow. A successful exploit of this vulnerability might lead to code execution, denial of service, escalation of privileges, information disclosure, or data tampering.
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
Assigner
Impacted products
Vendor Product Version
NVIDIA GPU Display Drivers Affected: R535, R570
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-23283",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-08-05T03:56:38.512629Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-02-26T17:50:07.602Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "GPU Display Drivers",
          "vendor": "NVIDIA",
          "versions": [
            {
              "status": "affected",
              "version": "R535, R570"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eNVIDIA vGPU software for Linux-style hypervisors contains a vulnerability in the Virtual GPU Manager, where a malicious guest could cause stack buffer overflow. A successful exploit of this vulnerability might lead to code execution, denial of service, escalation of privileges, information disclosure, or data tampering.\u003c/span\u003e"
            }
          ],
          "value": "NVIDIA vGPU software for Linux-style hypervisors contains a vulnerability in the Virtual GPU Manager, where a malicious guest could cause stack buffer overflow. A successful exploit of this vulnerability might lead to code execution, denial of service, escalation of privileges, information disclosure, or data tampering."
        }
      ],
      "impacts": [
        {
          "descriptions": [
            {
              "lang": "en",
              "value": "Code execution, denial of service, escalation of privileges, Information disclosure, data tampering"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-121",
              "description": "CWE-121",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-08-02T22:13:17.132Z",
        "orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
        "shortName": "nvidia"
      },
      "references": [
        {
          "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5670"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
    "assignerShortName": "nvidia",
    "cveId": "CVE-2025-23283",
    "datePublished": "2025-08-02T22:13:17.132Z",
    "dateReserved": "2025-01-14T01:06:25.307Z",
    "dateUpdated": "2026-02-26T17:50:07.602Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-22467 (GCVE-0-2025-22467)

Vulnerability from cvelistv5 – Published: 2025-02-11 15:20 – Updated: 2026-02-26 19:09
VLAI
Summary
A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.6 allows a remote authenticated attacker to achieve remote code execution.
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-121 - Stack-based Buffer Overflow
Assigner
Impacted products
Vendor Product Version
Ivanti Connect Secure Unaffected: 22.7R2.6 (custom)
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-22467",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-02-13T04:55:16.382692Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-02-26T19:09:18.525Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "affected",
          "product": "Connect Secure",
          "vendor": "Ivanti",
          "versions": [
            {
              "status": "unaffected",
              "version": "22.7R2.6",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.6 allows a remote authenticated attacker to achieve remote code execution.\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;\u003c/span\u003e"
            }
          ],
          "value": "A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.6 allows a remote authenticated attacker to achieve remote code execution."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-100",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-100 Overflow Buffers"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.9,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-121",
              "description": "CWE-121 Stack-based Buffer Overflow",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-02-11T15:20:16.514Z",
        "orgId": "3c1d8aa1-5a33-4ea4-8992-aadd6440af75",
        "shortName": "ivanti"
      },
      "references": [
        {
          "url": "https://forums.ivanti.com/s/article/February-Security-Advisory-Ivanti-Connect-Secure-ICS-Ivanti-Policy-Secure-IPS-and-Ivanti-Secure-Access-Client-ISAC-Multiple-CVEs"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "3c1d8aa1-5a33-4ea4-8992-aadd6440af75",
    "assignerShortName": "ivanti",
    "cveId": "CVE-2025-22467",
    "datePublished": "2025-02-11T15:20:16.514Z",
    "dateReserved": "2025-01-07T02:19:27.272Z",
    "dateUpdated": "2026-02-26T19:09:18.525Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-22457 (GCVE-0-2025-22457)

Vulnerability from cvelistv5 – Published: 2025-04-03 15:20 – Updated: 2026-02-26 18:28
VLAI
Summary
A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.6, Ivanti Policy Secure before version 22.7R1.4, and Ivanti ZTA Gateways before version 22.8R2.2 allows a remote unauthenticated attacker to achieve remote code execution.
SSVC
Exploitation: active Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-121 - Stack-based Buffer Overflow
Assigner
Impacted products
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-22457",
                "options": [
                  {
                    "Exploitation": "active"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-04-24T03:55:18.340082Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          },
          {
            "other": {
              "content": {
                "dateAdded": "2025-04-04",
                "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-22457"
              },
              "type": "kev"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-02-26T18:28:57.480Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "references": [
          {
            "tags": [
              "government-resource"
            ],
            "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-22457"
          }
        ],
        "timeline": [
          {
            "lang": "en",
            "time": "2025-04-04T00:00:00.000Z",
            "value": "CVE-2025-22457 added to CISA KEV"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "affected",
          "product": "Connect Secure",
          "vendor": "Ivanti",
          "versions": [
            {
              "status": "unaffected",
              "version": "22.7R2.6",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Policy Secure",
          "vendor": "Ivanti",
          "versions": [
            {
              "status": "unaffected",
              "version": "22.7R1.4",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Neurons for ZTA gateways",
          "vendor": "Ivanti",
          "versions": [
            {
              "status": "unaffected",
              "version": "22.8R2.2",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.6, Ivanti Policy Secure before version 22.7R1.4, and Ivanti ZTA Gateways before version 22.8R2.2 allows a remote unauthenticated attacker to achieve remote code execution.\u003c/span\u003e"
            }
          ],
          "value": "A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.6, Ivanti Policy Secure before version 22.7R1.4, and Ivanti ZTA Gateways before version 22.8R2.2 allows a remote unauthenticated attacker to achieve remote code execution."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-100",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-100 Overflow Buffers"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-121",
              "description": "CWE-121 Stack-based Buffer Overflow",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-04-03T15:20:23.628Z",
        "orgId": "3c1d8aa1-5a33-4ea4-8992-aadd6440af75",
        "shortName": "ivanti"
      },
      "references": [
        {
          "url": "https://forums.ivanti.com/s/article/April-Security-Advisory-Ivanti-Connect-Secure-Policy-Secure-ZTA-Gateways-CVE-2025-22457"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "3c1d8aa1-5a33-4ea4-8992-aadd6440af75",
    "assignerShortName": "ivanti",
    "cveId": "CVE-2025-22457",
    "datePublished": "2025-04-03T15:20:23.628Z",
    "dateReserved": "2025-01-07T02:19:22.796Z",
    "dateUpdated": "2026-02-26T18:28:57.480Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-21163 (GCVE-0-2025-21163)

Vulnerability from cvelistv5 – Published: 2025-02-11 17:27 – Updated: 2026-02-26 19:09
VLAI
Title
Illustrator | Stack-based Buffer Overflow (CWE-121)
Summary
Illustrator versions 29.1, 28.7.3 and earlier are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-121 - Stack-based Buffer Overflow (CWE-121)
Assigner
References
Impacted products
Vendor Product Version
Adobe Illustrator Affected: 0 , ≤ 28.7.3 (semver)
Create a notification for this product.
Date Public
2025-02-11 17:00
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-21163",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-02-14T04:55:32.921887Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-02-26T19:09:13.139Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "affected",
          "product": "Illustrator",
          "vendor": "Adobe",
          "versions": [
            {
              "lessThanOrEqual": "28.7.3",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "datePublic": "2025-02-11T17:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Illustrator versions 29.1, 28.7.3 and earlier are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "availabilityRequirement": "NOT_DEFINED",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "confidentialityRequirement": "NOT_DEFINED",
            "environmentalScore": 7.8,
            "environmentalSeverity": "HIGH",
            "exploitCodeMaturity": "NOT_DEFINED",
            "integrityImpact": "HIGH",
            "integrityRequirement": "NOT_DEFINED",
            "modifiedAttackComplexity": "LOW",
            "modifiedAttackVector": "LOCAL",
            "modifiedAvailabilityImpact": "HIGH",
            "modifiedConfidentialityImpact": "HIGH",
            "modifiedIntegrityImpact": "HIGH",
            "modifiedPrivilegesRequired": "NONE",
            "modifiedScope": "UNCHANGED",
            "modifiedUserInteraction": "REQUIRED",
            "privilegesRequired": "NONE",
            "remediationLevel": "NOT_DEFINED",
            "reportConfidence": "NOT_DEFINED",
            "scope": "UNCHANGED",
            "temporalScore": 7.8,
            "temporalSeverity": "HIGH",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-121",
              "description": "Stack-based Buffer Overflow (CWE-121)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-02-11T17:27:40.356Z",
        "orgId": "078d4453-3bcd-4900-85e6-15281da43538",
        "shortName": "adobe"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://helpx.adobe.com/security/products/illustrator/apsb25-11.html"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Illustrator | Stack-based Buffer Overflow (CWE-121)"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
    "assignerShortName": "adobe",
    "cveId": "CVE-2025-21163",
    "datePublished": "2025-02-11T17:27:40.356Z",
    "dateReserved": "2024-12-04T17:19:21.477Z",
    "dateUpdated": "2026-02-26T19:09:13.139Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-21128 (GCVE-0-2025-21128)

Vulnerability from cvelistv5 – Published: 2025-01-14 18:58 – Updated: 2025-02-12 20:31
VLAI
Title
Substance3D - Stager | Stack-based Buffer Overflow (CWE-121)
Summary
Substance3D - Stager versions 3.0.4 and earlier are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-121 - Stack-based Buffer Overflow (CWE-121)
Assigner
References
Impacted products
Vendor Product Version
Adobe Substance3D - Stager Affected: 0 , ≤ 3.0.4 (semver)
Create a notification for this product.
Date Public
2025-01-14 17:00
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-21128",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-01-14T21:19:13.519818Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-02-12T20:31:19.469Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "affected",
          "product": "Substance3D - Stager",
          "vendor": "Adobe",
          "versions": [
            {
              "lessThanOrEqual": "3.0.4",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "datePublic": "2025-01-14T17:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Substance3D - Stager versions 3.0.4 and earlier are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "availabilityRequirement": "NOT_DEFINED",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "confidentialityRequirement": "NOT_DEFINED",
            "environmentalScore": 7.8,
            "environmentalSeverity": "HIGH",
            "exploitCodeMaturity": "NOT_DEFINED",
            "integrityImpact": "HIGH",
            "integrityRequirement": "NOT_DEFINED",
            "modifiedAttackComplexity": "LOW",
            "modifiedAttackVector": "LOCAL",
            "modifiedAvailabilityImpact": "HIGH",
            "modifiedConfidentialityImpact": "HIGH",
            "modifiedIntegrityImpact": "HIGH",
            "modifiedPrivilegesRequired": "NONE",
            "modifiedScope": "UNCHANGED",
            "modifiedUserInteraction": "REQUIRED",
            "privilegesRequired": "NONE",
            "remediationLevel": "NOT_DEFINED",
            "reportConfidence": "NOT_DEFINED",
            "scope": "UNCHANGED",
            "temporalScore": 7.8,
            "temporalSeverity": "HIGH",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-121",
              "description": "Stack-based Buffer Overflow (CWE-121)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-01-14T18:58:30.257Z",
        "orgId": "078d4453-3bcd-4900-85e6-15281da43538",
        "shortName": "adobe"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://helpx.adobe.com/security/products/substance3d_stager/apsb25-03.html"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Substance3D - Stager | Stack-based Buffer Overflow (CWE-121)"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538",
    "assignerShortName": "adobe",
    "cveId": "CVE-2025-21128",
    "datePublished": "2025-01-14T18:58:30.257Z",
    "dateReserved": "2024-12-04T17:19:21.473Z",
    "dateUpdated": "2025-02-12T20:31:19.469Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-20797 (GCVE-0-2025-20797)

Vulnerability from cvelistv5 – Published: 2026-01-06 01:46 – Updated: 2026-03-30 13:04
VLAI
Summary
In battery, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10315812; Issue ID: MSV-5534.
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
Assigner
Impacted products
Vendor Product Version
MediaTek, Inc. MediaTek chipset Affected: MT2718
Affected: MT6765
Affected: MT6768
Affected: MT6781
Affected: MT6833
Affected: MT6835
Affected: MT6853
Affected: MT6855
Affected: MT6877
Affected: MT6879
Affected: MT6893
Affected: MT6985
Affected: MT6989
Affected: MT6991
Affected: MT8186
Affected: MT8188
Affected: MT8196
Affected: MT8367
Affected: MT8391
Affected: MT8676
Affected: MT8678
Affected: MT8696
Affected: MT8766
Affected: MT8768
Affected: MT8781
Affected: MT8786
Affected: MT8788E
Affected: MT8791T
Affected: MT8792
Affected: MT8793
Affected: MT8796
Affected: MT8873
Affected: MT8883
Affected: MT8893
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "LOCAL",
              "availabilityImpact": "HIGH",
              "baseScore": 7.8,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "LOW",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2025-20797",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-01-07T04:55:49.428219Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-02-26T15:04:59.091Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "MediaTek chipset",
          "vendor": "MediaTek, Inc.",
          "versions": [
            {
              "status": "affected",
              "version": "MT2718"
            },
            {
              "status": "affected",
              "version": "MT6765"
            },
            {
              "status": "affected",
              "version": "MT6768"
            },
            {
              "status": "affected",
              "version": "MT6781"
            },
            {
              "status": "affected",
              "version": "MT6833"
            },
            {
              "status": "affected",
              "version": "MT6835"
            },
            {
              "status": "affected",
              "version": "MT6853"
            },
            {
              "status": "affected",
              "version": "MT6855"
            },
            {
              "status": "affected",
              "version": "MT6877"
            },
            {
              "status": "affected",
              "version": "MT6879"
            },
            {
              "status": "affected",
              "version": "MT6893"
            },
            {
              "status": "affected",
              "version": "MT6985"
            },
            {
              "status": "affected",
              "version": "MT6989"
            },
            {
              "status": "affected",
              "version": "MT6991"
            },
            {
              "status": "affected",
              "version": "MT8186"
            },
            {
              "status": "affected",
              "version": "MT8188"
            },
            {
              "status": "affected",
              "version": "MT8196"
            },
            {
              "status": "affected",
              "version": "MT8367"
            },
            {
              "status": "affected",
              "version": "MT8391"
            },
            {
              "status": "affected",
              "version": "MT8676"
            },
            {
              "status": "affected",
              "version": "MT8678"
            },
            {
              "status": "affected",
              "version": "MT8696"
            },
            {
              "status": "affected",
              "version": "MT8766"
            },
            {
              "status": "affected",
              "version": "MT8768"
            },
            {
              "status": "affected",
              "version": "MT8781"
            },
            {
              "status": "affected",
              "version": "MT8786"
            },
            {
              "status": "affected",
              "version": "MT8788E"
            },
            {
              "status": "affected",
              "version": "MT8791T"
            },
            {
              "status": "affected",
              "version": "MT8792"
            },
            {
              "status": "affected",
              "version": "MT8793"
            },
            {
              "status": "affected",
              "version": "MT8796"
            },
            {
              "status": "affected",
              "version": "MT8873"
            },
            {
              "status": "affected",
              "version": "MT8883"
            },
            {
              "status": "affected",
              "version": "MT8893"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In battery, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10315812; Issue ID: MSV-5534."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-121",
              "description": "CWE-121 Stack Overflow",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-03-30T13:04:10.997Z",
        "orgId": "ee979b05-11f8-4f25-a7e0-a1fa9c190374",
        "shortName": "MediaTek"
      },
      "references": [
        {
          "url": "https://corp.mediatek.com/product-security-bulletin/January-2026"
        }
      ],
      "x_generator": {
        "engine": "cvelib 1.8.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ee979b05-11f8-4f25-a7e0-a1fa9c190374",
    "assignerShortName": "MediaTek",
    "cveId": "CVE-2025-20797",
    "datePublished": "2026-01-06T01:46:41.998Z",
    "dateReserved": "2024-11-01T01:21:50.403Z",
    "dateUpdated": "2026-03-30T13:04:10.997Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-20794 (GCVE-0-2025-20794)

Vulnerability from cvelistv5 – Published: 2026-01-06 01:46 – Updated: 2026-03-30 13:03
VLAI
Summary
In Modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01689259 / MOLY01586470; Issue ID: MSV-4847.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
Assigner
Impacted products
Vendor Product Version
MediaTek, Inc. MediaTek chipset Affected: MT2735
Affected: MT2737
Affected: MT6813
Affected: MT6815
Affected: MT6833
Affected: MT6835
Affected: MT6853
Affected: MT6855
Affected: MT6873
Affected: MT6875
Affected: MT6877
Affected: MT6878
Affected: MT6879
Affected: MT6880
Affected: MT6883
Affected: MT6885
Affected: MT6886
Affected: MT6889
Affected: MT6890
Affected: MT6891
Affected: MT6893
Affected: MT6895
Affected: MT6896
Affected: MT6897
Affected: MT6899
Affected: MT6980
Affected: MT6983
Affected: MT6985
Affected: MT6986
Affected: MT6989
Affected: MT6990
Affected: MT6991
Affected: MT6993
Affected: MT8673
Affected: MT8675
Affected: MT8676
Affected: MT8678
Affected: MT8755
Affected: MT8771
Affected: MT8791
Affected: MT8791T
Affected: MT8792
Affected: MT8793
Affected: MT8795T
Affected: MT8797
Affected: MT8798
Affected: MT8863
Affected: MT8873
Affected: MT8883
Affected: MT8893
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "ADJACENT_NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 6.5,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "NONE",
              "integrityImpact": "NONE",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2025-20794",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-02-17T14:21:10.532009Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-02-17T14:21:13.568Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "MediaTek chipset",
          "vendor": "MediaTek, Inc.",
          "versions": [
            {
              "status": "affected",
              "version": "MT2735"
            },
            {
              "status": "affected",
              "version": "MT2737"
            },
            {
              "status": "affected",
              "version": "MT6813"
            },
            {
              "status": "affected",
              "version": "MT6815"
            },
            {
              "status": "affected",
              "version": "MT6833"
            },
            {
              "status": "affected",
              "version": "MT6835"
            },
            {
              "status": "affected",
              "version": "MT6853"
            },
            {
              "status": "affected",
              "version": "MT6855"
            },
            {
              "status": "affected",
              "version": "MT6873"
            },
            {
              "status": "affected",
              "version": "MT6875"
            },
            {
              "status": "affected",
              "version": "MT6877"
            },
            {
              "status": "affected",
              "version": "MT6878"
            },
            {
              "status": "affected",
              "version": "MT6879"
            },
            {
              "status": "affected",
              "version": "MT6880"
            },
            {
              "status": "affected",
              "version": "MT6883"
            },
            {
              "status": "affected",
              "version": "MT6885"
            },
            {
              "status": "affected",
              "version": "MT6886"
            },
            {
              "status": "affected",
              "version": "MT6889"
            },
            {
              "status": "affected",
              "version": "MT6890"
            },
            {
              "status": "affected",
              "version": "MT6891"
            },
            {
              "status": "affected",
              "version": "MT6893"
            },
            {
              "status": "affected",
              "version": "MT6895"
            },
            {
              "status": "affected",
              "version": "MT6896"
            },
            {
              "status": "affected",
              "version": "MT6897"
            },
            {
              "status": "affected",
              "version": "MT6899"
            },
            {
              "status": "affected",
              "version": "MT6980"
            },
            {
              "status": "affected",
              "version": "MT6983"
            },
            {
              "status": "affected",
              "version": "MT6985"
            },
            {
              "status": "affected",
              "version": "MT6986"
            },
            {
              "status": "affected",
              "version": "MT6989"
            },
            {
              "status": "affected",
              "version": "MT6990"
            },
            {
              "status": "affected",
              "version": "MT6991"
            },
            {
              "status": "affected",
              "version": "MT6993"
            },
            {
              "status": "affected",
              "version": "MT8673"
            },
            {
              "status": "affected",
              "version": "MT8675"
            },
            {
              "status": "affected",
              "version": "MT8676"
            },
            {
              "status": "affected",
              "version": "MT8678"
            },
            {
              "status": "affected",
              "version": "MT8755"
            },
            {
              "status": "affected",
              "version": "MT8771"
            },
            {
              "status": "affected",
              "version": "MT8791"
            },
            {
              "status": "affected",
              "version": "MT8791T"
            },
            {
              "status": "affected",
              "version": "MT8792"
            },
            {
              "status": "affected",
              "version": "MT8793"
            },
            {
              "status": "affected",
              "version": "MT8795T"
            },
            {
              "status": "affected",
              "version": "MT8797"
            },
            {
              "status": "affected",
              "version": "MT8798"
            },
            {
              "status": "affected",
              "version": "MT8863"
            },
            {
              "status": "affected",
              "version": "MT8873"
            },
            {
              "status": "affected",
              "version": "MT8883"
            },
            {
              "status": "affected",
              "version": "MT8893"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In Modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01689259 / MOLY01586470; Issue ID: MSV-4847."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-121",
              "description": "CWE-121 Stack Overflow",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-03-30T13:03:54.464Z",
        "orgId": "ee979b05-11f8-4f25-a7e0-a1fa9c190374",
        "shortName": "MediaTek"
      },
      "references": [
        {
          "url": "https://corp.mediatek.com/product-security-bulletin/January-2026"
        }
      ],
      "x_generator": {
        "engine": "cvelib 1.8.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ee979b05-11f8-4f25-a7e0-a1fa9c190374",
    "assignerShortName": "MediaTek",
    "cveId": "CVE-2025-20794",
    "datePublished": "2026-01-06T01:46:31.408Z",
    "dateReserved": "2024-11-01T01:21:50.403Z",
    "dateUpdated": "2026-03-30T13:03:54.464Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-20769 (GCVE-0-2025-20769)

Vulnerability from cvelistv5 – Published: 2025-12-02 02:34 – Updated: 2026-02-26 16:57
VLAI
Summary
In display, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10196993; Issue ID: MSV-4804.
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
Assigner
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "LOCAL",
              "availabilityImpact": "NONE",
              "baseScore": 3.4,
              "baseSeverity": "LOW",
              "confidentialityImpact": "LOW",
              "integrityImpact": "LOW",
              "privilegesRequired": "HIGH",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2025-20769",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-12-03T04:55:28.682838Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-02-26T16:57:44.784Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "MT2718, MT6739, MT6761, MT6765, MT6768, MT6781, MT6789, MT6833, MT6835, MT6853, MT6855, MT6877, MT6878, MT6879, MT6883, MT6885, MT6886, MT6889, MT6893, MT6895, MT6897, MT6899, MT6983, MT6985, MT6989, MT6991, MT8196, MT8676, MT8678, MT8792, MT8793",
          "vendor": "MediaTek, Inc.",
          "versions": [
            {
              "status": "affected",
              "version": "Android 14.0, 15.0, 16.0"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In display, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10196993; Issue ID: MSV-4804."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-121",
              "description": "CWE-121 Stack Overflow",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-12-02T02:34:35.515Z",
        "orgId": "ee979b05-11f8-4f25-a7e0-a1fa9c190374",
        "shortName": "MediaTek"
      },
      "references": [
        {
          "url": "https://corp.mediatek.com/product-security-bulletin/December-2025"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ee979b05-11f8-4f25-a7e0-a1fa9c190374",
    "assignerShortName": "MediaTek",
    "cveId": "CVE-2025-20769",
    "datePublished": "2025-12-02T02:34:35.515Z",
    "dateReserved": "2024-11-01T01:21:50.399Z",
    "dateUpdated": "2026-02-26T16:57:44.784Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-20749 (GCVE-0-2025-20749)

Vulnerability from cvelistv5 – Published: 2025-11-04 06:20 – Updated: 2026-02-26 17:47
VLAI
Summary
In charger, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS09915493; Issue ID: MSV-3800.
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
Assigner
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "LOCAL",
              "availabilityImpact": "HIGH",
              "baseScore": 6.7,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "HIGH",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2025-20749",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-11-05T04:55:29.072232Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-02-26T17:47:19.762Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "MT6789, MT6835, MT6855, MT6878, MT6879, MT6886, MT6897, MT6899, MT6983, MT6985, MT6989, MT6991, MT8169, MT8188, MT8195, MT8196, MT8781, MT8796",
          "vendor": "MediaTek, Inc.",
          "versions": [
            {
              "status": "affected",
              "version": "Android 14.0, 15.0, 16.0"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In charger, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS09915493; Issue ID: MSV-3800."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-121",
              "description": "CWE-121 Stack Overflow",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-11-04T06:20:51.979Z",
        "orgId": "ee979b05-11f8-4f25-a7e0-a1fa9c190374",
        "shortName": "MediaTek"
      },
      "references": [
        {
          "url": "https://corp.mediatek.com/product-security-bulletin/November-2025"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ee979b05-11f8-4f25-a7e0-a1fa9c190374",
    "assignerShortName": "MediaTek",
    "cveId": "CVE-2025-20749",
    "datePublished": "2025-11-04T06:20:51.979Z",
    "dateReserved": "2024-11-01T01:21:50.396Z",
    "dateUpdated": "2026-02-26T17:47:19.762Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

Mitigation MIT-10
Operation Build and Compilation

Strategy: Environment Hardening

  • Use automatic buffer overflow detection mechanisms that are offered by certain compilers or compiler extensions. Examples include: the Microsoft Visual Studio /GS flag, Fedora/Red Hat FORTIFY_SOURCE GCC flag, StackGuard, and ProPolice, which provide various mechanisms including canary-based detection and range/index checking.
  • D3-SFCV (Stack Frame Canary Validation) from D3FEND [REF-1334] discusses canary-based detection in detail.
Mitigation
Architecture and Design

Use an abstraction library to abstract away risky APIs. Not a complete solution.

Mitigation
Implementation

Implement and perform bounds checking on input.

Mitigation
Implementation

Do not use dangerous functions such as gets. Use safer, equivalent functions which check for boundary errors.

Mitigation MIT-11
Operation Build and Compilation

Strategy: Environment Hardening

  • Run or compile the software using features or extensions that randomly arrange the positions of a program's executable and libraries in memory. Because this makes the addresses unpredictable, it can prevent an attacker from reliably jumping to exploitable code.
  • Examples include Address Space Layout Randomization (ASLR) [REF-58] [REF-60] and Position-Independent Executables (PIE) [REF-64]. Imported modules may be similarly realigned if their default memory addresses conflict with other modules, in a process known as "rebasing" (for Windows) and "prelinking" (for Linux) [REF-1332] using randomly generated addresses. ASLR for libraries cannot be used in conjunction with prelink since it would require relocating the libraries at run-time, defeating the whole purpose of prelinking.
  • For more information on these techniques see D3-SAOR (Segment Address Offset Randomization) from D3FEND [REF-1335].

No CAPEC attack patterns related to this CWE.