What is the CVSS score of EUVD-2025-16598?

EUVD-2025-16598 has a CVSS 3.1 base score of 9.8 (Critical). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H. EPSS exploitation probability: 0.3%.

Which versions of Bluetooth are affected by EUVD-2025-16598?

CVE-2025-20672 is a critical Bluetooth driver vulnerability affecting local privilege escalation with a 9.8 CVSS score.

How to fix or mitigate EUVD-2025-16598?

Within 24 hours: Identify and inventory all affected devices using vulnerable Bluetooth drivers; disable Bluetooth on non-essential systems. Within 7 days: Implement network segmentation to restrict affected devices from sensitive network segments; establish a patch readiness plan. Within 30 days: Deploy vendor patch WCNCR00412257 via staged rollout; validate remediation across all affected systems.

Bluetooth EUVD-2025-16598

| CVE-2025-20672 CRITICAL

Heap-based Buffer Overflow (CWE-122)

2025-06-02 security@mediatek.com

Bluetooth Privilege Escalation Buffer Overflow Mt7902 Firmware Mt7927 Firmware Mt7921 Firmware Mt7922 Firmware Mt7925 Firmware

9.8

CVSS 3.1 · NVD

Severity by source

NVD PRIMARY

9.8 CRITICAL

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

EUVD ID Assigned

Mar 14, 2026 - 16:47 euvd

EUVD-2025-16598

Analysis Generated

Mar 14, 2026 - 16:47 vuln.today

CVE Published

Jun 02, 2025 - 03:15 nvd

CRITICAL 9.8

DescriptionCVE.org

In Bluetooth driver, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00412257; Issue ID: MSV-3292.

AnalysisAI

Heap OOB write in Android Bluetooth driver via incorrect bounds check.

Technical ContextAI

CWE-122.

RemediationAI

Apply Android security update.

EUVD-2025-16598 vulnerability details – vuln.today

Back

Bluetooth EUVD-2025-16598

Severity by source

CVSS VectorNVD

Lifecycle Timeline

DescriptionCVE.org

AnalysisAI

Technical ContextAI

RemediationAI

Share

External POC / Exploit Code