CVE-2025-20780
Published: 06 January 2026
Summary
CVE-2025-20780 is a high-severity Use After Free (CWE-416) vulnerability in Google Android. Its CVSS base score is 7.8 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068); ranked at the 0.8th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SC-50 (Software-enforced Separation and Policy Enforcement) and SI-16 (Memory Protection).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Timely application of the vendor patch ALPS10184061 directly remediates the use-after-free memory corruption in the MediaTek display component, preventing local privilege escalation.
Implements memory protection methods such as ASLR, DEP, and stack canaries to prevent exploitation of the use-after-free vulnerability for arbitrary code execution and privilege escalation.
Enforces software-based separation policies, such as SELinux in Android ecosystems, to block privilege escalation even if the use-after-free in the display component is exploited by a local System-privileged attacker.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Local memory corruption (UAF) in MediaTek display component directly enables local privilege escalation to arbitrary code execution with no user interaction required.
NVD Description
In display, there is a possible memory corruption due to use after free. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID:…
more
ALPS10184061; Issue ID: MSV-4712.
Deeper analysisAI
CVE-2025-20780 is a memory corruption vulnerability stemming from a use-after-free flaw (CWE-416) in the display component of MediaTek products. Published on January 6, 2026, it carries a CVSS v3.1 base score of 7.8 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H), indicating high impact potential. The issue is tracked under Patch ID ALPS10184061 and Issue ID MSV-4712.
A local attacker with low privileges can exploit this vulnerability without user interaction to achieve escalation of privilege, particularly if they have already obtained System-level access. Successful exploitation enables full control over confidentiality, integrity, and availability, potentially allowing the attacker to execute arbitrary code or further compromise the system.
MediaTek's January 2026 Product Security Bulletin provides details on the flaw and recommends applying the associated patch (ALPS10184061) to mitigate it. Security practitioners should prioritize updating affected MediaTek-based devices, such as those in Android ecosystems, to prevent local privilege escalation.
Details
- CWE(s)