CVE-2025-20799 – CVE-2025-20799 is a use-after-free vulnerabilit... (How to Fix)

Q: What is the severity of CVE-2025-20799?

CVE-2025-20799 has a CVSS score of 7.8 (HIGH). CVE-2025-20799 is a use-after-free vulnerability in c2ps that allows memory corruption. This enables local privilege escalation from System privilege to higher privileges without user interaction. Affects systems using vulnerable versions of c2ps, particularly MediaTek devices.

📋 TL;DR

CVE-2025-20799 is a use-after-free vulnerability in c2ps that allows memory corruption. This enables local privilege escalation from System privilege to higher privileges without user interaction. Affects systems using vulnerable versions of c2ps, particularly MediaTek devices.

💻 Affected Systems

Products:

MediaTek devices with c2ps component

Versions: Versions prior to patch ALPS10274607

Operating Systems: Android/Linux-based systems

Default Config Vulnerable: ⚠️ Yes

Notes: Requires System privilege access initially; affects MediaTek chipsets with c2ps driver.

📦 What is this software?

Android by Google

View all CVEs affecting Android →

Android by Google

View all CVEs affecting Android →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Full system compromise with kernel-level access, allowing complete control over the device, data theft, and persistence mechanisms.

🟠

Likely Case

Local privilege escalation from System to kernel/root privileges, enabling installation of malware, credential theft, and lateral movement.

🟢

If Mitigated

Limited impact if proper privilege separation and SELinux/app sandboxing are enforced, though kernel compromise may still be possible.

🌐 Internet-Facing: LOW

🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ✅ No

Complexity: MEDIUM

Exploitation requires System privilege first; memory corruption techniques needed for privilege escalation.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Patch ID: ALPS10274607

Vendor Advisory: https://corp.mediatek.com/product-security-bulletin/January-2026

Restart Required: Yes

Instructions:

1. Check device vendor for firmware updates. 2. Apply MediaTek security patch ALPS10274607. 3. Reboot device after patch installation.

🔧 Temporary Workarounds

Restrict System Privilege Access

all

Limit applications and users with System privilege to reduce attack surface.

Enable SELinux Enforcement

linux

Enforce SELinux policies to contain potential privilege escalation.

setenforce 1

🧯 If You Can't Patch

Isolate affected devices from critical networks and sensitive data.
Implement strict application allowlisting to prevent malicious apps from obtaining System privilege.

🔍 How to Verify

Check if Vulnerable:

Check device firmware version against MediaTek security bulletin; verify c2ps driver version.

Check Version:

Check device build number or firmware version in Android settings.

Verify Fix Applied:

Confirm patch ALPS10274607 is applied via device settings or vendor update verification.

📡 Detection & Monitoring

Log Indicators:

Kernel panic logs, abnormal c2ps process behavior, privilege escalation attempts in audit logs

Network Indicators:

Unusual outbound connections from privileged processes

SIEM Query:

Process creation events with parent process c2ps or privilege changes from System to root.

📊 Metadata

CVE ID: CVE-2025-20799

CVSS v3 Score: 7.8 (HIGH)

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-416

EPSS Score: 0.01% exploit probability (0.3th percentile)

Published: January 6, 2026

Last Updated: January 8, 2026

🔗 References

https://corp.mediatek.com/product-security-bulletin/January-2026 Vendor Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2025-20799, you might also want to check these: