Information Disclosure in WLAN AP Driver by MediaTek
CVE-2025-20664

7.5HIGH

Key Information:

Vendor: MediaTek
Status: Mt7915, Mt7916, Mt7981, Mt7986, Mt7990, Mt7992
Vendor: CVE Published:; 7 April 2025

What is CVE-2025-20664?

A vulnerability exists in the WLAN access point (AP) driver developed by MediaTek, which may result in unintended information disclosure. This issue is caused by an uncaught exception that can be exploited in scenarios where an attacker is proximal or adjacent to the vulnerable device. Remarkably, the exploitation of this vulnerability does not necessitate any user interaction, making it a significant concern for organizations relying on impacted products. A patch is available to address this issue, and users are encouraged to update to the latest version.

Affected Version(s)

MT7915, MT7916, MT7981, MT7986, MT7990, MT7992 SDK release 7.4.0.1 (MT7915) and 7.6.7.2 (MT7916, MT798X) and 8.2.1.4 (MT799X) and before

References

https://corp.mediatek.com/product-security-bulletin/April...

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Apr 7, 2025
Vulnerability Reserved
Nov 1, 2024