Out of Bounds Write Vulnerability in MediaTek WLAN AP Driver
CVE-2025-20633

8.8HIGH

Key Information:

Vendor: MediaTek
Status: Mt7603, Mt7615, Mt7622, Mt7915
Vendor: CVE Published:; 3 February 2025

What is CVE-2025-20633?

The MediaTek WLAN AP driver suffers from a vulnerability that permits an out of bounds write due to improper bounds checking. This flaw can enable remote code execution without the need for additional execution privileges. Exploitation of this vulnerability does not require any user interaction, making it particularly concerning for users relying on affected products.

Affected Version(s)

MT7603, MT7615, MT7622, MT7915 SDK release 7.4.0.1 and before

References

https://corp.mediatek.com/product-security-bulletin/Febru...

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 3, 2025
Vulnerability Reserved
Nov 1, 2024