December 2025 Product Security Bulletin Summary Severity Levels and CVEs Details High Severity Vulnerabilities CVE-2025-20792: Reachable assertion in Modem CVE-2025-20753: Uncaught exception in Modem CVE-2025-20754: Uncaught exception in Modem CVE-2025-20755: Null pointer dereference in Modem CVE-2025-20790: Null pointer dereference in Modem CVE-2025-20759: Out-of-bounds read in Modem CVE-2025-20758: Uncaught exception in Modem CVE-2025-20757: Reachable assertion in Modem CVE-2025-20756: Specified type in Modem CVE-2025-20752: Reachable assertion in Modem CVE-2025-20791: Reachable assertion in Modem Medium Severity Vulnerabilities CVE-2025-20763: Out-of-bounds write in mmdvfs CVE-2025-20764: Out-of-bounds write in smi CVE-2025-20765: Double free in aee daemon CVE-2025-20766: Use of uninitialized variable in display CVE-2025-20767: Out-of-bounds write in display CVE-2025-20768: Out-of-bounds read in display CVE-2025-20769: Stack overflow in display CVE-2025-20770: Use after free in display CVE-2025-20771: Use of uninitialized variable in display CVE-2025-20772: Double free in display CVE-2025-20773: Double free in display CVE-2025-20774: Heap overflow in display CVE-2025-20775: Double free in display CVE-2025-20776: Out-of-bounds read in display CVE-2025-20777: Out-of-bounds write in display CVE-2025-20788: Improper access control for register interface in GPU pdma CVE-2025-20789: Information exposure through sent data in GPU pdma Notes Information above is generated only at the time of creation of this Security Bulletin. The list of affected chipsets could be not complete. For any further information, device OEMs can reach your MediaTek contact person if needed. If you want to report a security vulnerability in MediaTek chipsets or products, please go to Report Vulnerability page on MediaTek website. ``` Key Information from Screenshot: Release Date: December 1, 2025 Affected Products: Multiple MediaTek chipsets, including but not limited to MT8189, MT8192, MT8389 Severity Classification: Vulnerabilities categorized as High and Medium. High-severity issues may lead to system crashes; Medium-severity issues may result in memory corruption or other security issues. Source of Reports: All vulnerabilities reported externally. Reporting Guidance: Contact MediaTek’s designated personnel for further inquiries or report vulnerabilities via the Report Vulnerability page on MediaTek’s official website.