MediaTek DPE UAF Memory Corruption Priv Esc
CVE-2025-20805 Published on January 6, 2026

In dpe, there is a possible memory corruption due to use after free. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10114696; Issue ID: MSV-4480.

NVD

Vulnerability Analysis

CVE-2025-20805 can be exploited with local system access, and requires user privileges. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to be very high.

Attack Vector:

LOCAL

Attack Complexity:

LOW

Privileges Required:

HIGH

User Interaction:

NONE

Scope:

UNCHANGED

Confidentiality Impact:

HIGH

Integrity Impact:

HIGH

Availability Impact:

HIGH

Weakness Type

What is a Dangling pointer Vulnerability?

Referencing memory after it has been freed can cause a program to crash, use unexpected values, or execute code.

CVE-2025-20805 has been classified to as a Dangling pointer vulnerability or weakness.

Affected Versions

MediaTek, Inc. MT6899, MT6991, MT8793 Version Android 16.0 is affected by CVE-2025-20805

Exploit Probability

EPSS

0.01%

Percentile

0.36%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.

MediaTek DPE UAF Memory Corruption Priv EscCVE-2025-20805 Published on January 6, 2026

Vulnerability Analysis

Weakness Type

What is a Dangling pointer Vulnerability?

Affected Versions

Exploit Probability

MediaTek DPE UAF Memory Corruption Priv Esc
CVE-2025-20805 Published on January 6, 2026