CVE-2025-20665

5.5 MEDIUM

📋 TL;DR

This CVE describes an information disclosure vulnerability in devinfo on MediaTek devices where missing SELinux policies allow unauthorized access to device identifiers. Any local user or app can exploit this without privileges or user interaction. Affects MediaTek-based Android devices with vulnerable devinfo implementations.

💻 Affected Systems

Products:
  • MediaTek chipset-based Android devices
Versions: Specific MediaTek firmware versions before patch ALPS09555228
Operating Systems: Android with MediaTek components
Default Config Vulnerable: ⚠️ Yes
Notes: Requires devinfo component with missing SELinux policy; exact device models depend on MediaTek firmware integration.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Persistent device fingerprinting allowing tracking across apps/services, potential correlation of user activities, and exposure of unique device identifiers to malicious local apps.

🟠

Likely Case

Local apps harvesting device identifiers for analytics/tracking without proper permissions, potentially violating privacy regulations.

🟢

If Mitigated

Limited impact with proper app sandboxing and SELinux enforcement, though identifiers remain accessible to any local process.

🌐 Internet-Facing: LOW - Requires local access; cannot be exploited remotely.
🏢 Internal Only: MEDIUM - Any local user/app can exploit, but impact limited to information disclosure rather than system compromise.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Simple local read operation; no authentication or special privileges required.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Firmware with patch ID ALPS09555228

Vendor Advisory: https://corp.mediatek.com/product-security-bulletin/May-2025

Restart Required: Yes

Instructions:

1. Check with the device manufacturer for firmware updates.
2. Apply the MediaTek firmware update containing patch ALPS09555228.
3. Reboot the device after the update.

🔧 Temporary Workarounds

SELinux Policy Enforcement (Linux/Android)

Manually add an SELinux policy that restricts devinfo access. This requires a custom SELinux policy modification; consult the device manufacturer for the specific policy rules.

🧯 If You Can't Patch

  • Restrict installation of untrusted apps to reduce local attack surface
  • Monitor for suspicious local process behavior accessing device identifiers

🔍 How to Verify

Check if Vulnerable:

Check whether an unprivileged process can read devinfo without an SELinux denial appearing in the audit logs; if the read succeeds and nothing is logged, no policy is restricting access.

Check Version:

Check the firmware version with `getprop ro.build.fingerprint` and compare it against the patched build versions published by the device manufacturer.

Verify Fix Applied:

Verify SELinux policy now denies unauthorized devinfo access attempts in audit logs

📡 Detection & Monitoring

Log Indicators:

  • SELinux audit denials for devinfo access before patch
  • Multiple processes accessing /proc/devinfo or similar paths

Network Indicators:

  • None - purely local exploitation

SIEM Query:

source="android_audit" AND "avc: denied" AND "devinfo"
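The verification and detection steps above, as an added shell example that is not part of this advisory and not MediaTek's tooling: it filters SELinux AVC denial lines that mention devinfo out of captured audit output, lists the source domains that were denied, and combines the denial count with the result of an unprivileged read test supplied by the caller to give a VULNERABLE / ENFORCED / INCONCLUSIVE verdict. The sample log lines, process names and SELinux contexts (such as proc_devinfo) are constructed for illustration and are not real device output.

```shell
#!/bin/sh
# Added example, not from the advisory or from MediaTek: triage SELinux audit
# output for AVC denials that involve devinfo. On a device the input would be
# the output of `adb logcat -d -b all` or `dmesg`; here the log lines are
# constructed (hypothetical process names and contexts) so the script runs offline.

SAMPLE_LOG='type=1400 audit(0.0:11): avc: denied { read } for comm="untrusted_app" name="devinfo" dev="proc" scontext=u:r:untrusted_app:s0 tcontext=u:object_r:proc_devinfo:s0 tclass=file permissive=0
type=1400 audit(0.0:12): avc: denied { open } for comm="platform_app" name="devinfo" dev="proc" scontext=u:r:platform_app:s0 tcontext=u:object_r:proc_devinfo:s0 tclass=file permissive=0
type=1400 audit(0.0:13): avc: granted { read } for comm="system_server" name="build.prop" scontext=u:r:system_server:s0 tcontext=u:object_r:system_file:s0 tclass=file
type=1400 audit(0.0:14): avc: denied { read } for comm="untrusted_app" name="version" dev="proc" scontext=u:r:untrusted_app:s0 tcontext=u:object_r:proc_version:s0 tclass=file permissive=0
[  12.345678] unrelated kernel message'

# devinfo_denials LOG: print only the AVC denial lines that mention devinfo.
devinfo_denials() {
    printf '%s\n' "$1" | grep 'avc: denied.*devinfo' || true
}

# count_devinfo_denials LOG: number of such lines (prints 0 when there are none).
count_devinfo_denials() {
    printf '%s\n' "$1" | grep -c 'avc: denied.*devinfo' || true
}

# denied_domains LOG: unique SELinux source domains (scontext=) that were denied
# devinfo access; useful to confirm untrusted_app is covered after a policy change.
denied_domains() {
    devinfo_denials "$1" | sed -n 's/.*scontext=\([^ ]*\).*/\1/p' | sort -u
}

# assess LOG READABLE: combine the denial count with whether an unprivileged test
# read of devinfo succeeded (READABLE is yes or no, supplied by the caller) and
# print one of VULNERABLE, ENFORCED or INCONCLUSIVE.
assess() {
    denials=$(count_devinfo_denials "$1")
    if [ "$2" = "yes" ] && [ "$denials" -eq 0 ]; then
        echo VULNERABLE      # read succeeded and nothing was logged: no policy applies
    elif [ "$2" = "no" ] && [ "$denials" -gt 0 ]; then
        echo ENFORCED        # read blocked and the denial is on record
    else
        echo INCONCLUSIVE    # e.g. permissive mode, or the log does not cover the test
    fi
}

# Stand-alone run: summarise the constructed sample.
printf 'devinfo denials: %s\n' "$(count_devinfo_denials "$SAMPLE_LOG")"
denied_domains "$SAMPLE_LOG"
assess "$SAMPLE_LOG" no
```

The verdict deliberately refuses to call a device patched on the basis of log lines alone: a denial in the log with a successful read points at permissive mode, and a blocked read with no denial may simply mean the capture did not cover the test window, so both cases are reported as INCONCLUSIVE rather than guessed.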

🔗 References
