Cyber Posture

CVE-2025-20781

High

Published: 06 January 2026

Modified: 30 March 2026
KEV Added
Patch
CVSS Score: 7.8 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0001 (0.8th percentile)
Risk Priority: 16 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2025-20781 is a high-severity Double Free (CWE-415) vulnerability in Google Android. Its CVSS base score is 7.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068). By exploit likelihood it ranks at the 0.8th percentile (below the median), and it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-16 (Memory Protection) and SI-2 (Flaw Remediation).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploitation for Privilege Escalation (T1068).
What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)

Prevent: Implements memory protection mechanisms such as ASLR, DEP, and stack canaries that directly prevent exploitation of use-after-free vulnerabilities in the display component.

Prevent: Requires timely remediation of identified flaws like this MediaTek display use-after-free vulnerability through patching (ALPS10182914).

Prevent: Provides process isolation for the display subsystem to contain memory corruption and limit local privilege escalation from System privilege.

MITRE ATT&CK Enterprise Techniques

T1068 Exploitation for Privilege Escalation (tactic: Privilege Escalation)
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
Why these techniques?

Direct local privilege escalation via memory corruption/use-after-free in a privileged display subsystem component.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

NVD Description

In display, there is a possible memory corruption due to use after free. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10182914; Issue ID: MSV-4699.

Deeper analysis

CVE-2025-20781 is a memory corruption vulnerability stemming from a use-after-free error (CWE-415, CWE-416) in the display component of MediaTek products. This flaw affects devices utilizing MediaTek chipsets, particularly those running platforms like ALPS, as indicated by the associated Patch ID ALPS10182914 and Issue ID MSV-4699. The vulnerability has a CVSS v3.1 base score of 7.8 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H), highlighting its potential for significant impact with relatively low complexity.

A local attacker with low privileges (PR:L) can exploit this issue without user interaction to achieve escalation of privilege. Specifically, the description notes that exploitation is feasible if the malicious actor has already obtained System privilege, enabling arbitrary code execution or further compromise through memory corruption in the display subsystem.

MediaTek's January 2026 Product Security Bulletin at https://corp.mediatek.com/product-security-bulletin/January-2026 details the patch (ALPS10182914) to address this vulnerability. Security practitioners should prioritize applying this update to affected MediaTek-based devices to mitigate the risk of local privilege escalation.

Details

CWE(s)

Affected Products

Vendor: google
Product: android
Versions: 14.0, 15.0, 16.0

CVEs Like This One

CVE-2025-20780 (same product: Google Android)
CVE-2025-20778 (same product: Google Android)
CVE-2025-20795 (same product: Google Android)
CVE-2026-20411 (same product: Google Android)
CVE-2025-20798 (same product: Google Android)
CVE-2025-20797 (same product: Google Android)
CVE-2025-20799 (same product: Google Android)
CVE-2025-20645 (same product: Google Android)
CVE-2025-20641 (same product: Google Android)
CVE-2026-20412 (same product: Google Android)
