Out of Bounds Write in WLAN AP Driver from MediaTek
CVE-2025-20681

9.8CRITICAL

Key Information:

Vendor: MediaTek
Status: Mt6890, Mt7615, Mt7622, Mt7663, Mt7915
Vendor: CVE Published:; 8 July 2025

What is CVE-2025-20681?

The WLAN AP driver from MediaTek is susceptible to an out of bounds write vulnerability due to an incorrect bounds check. This flaw could potentially enable a local user to escalate their privileges, as user execution privileges are required for exploitation. While user interaction is not necessary for the attack to succeed, it poses a significant risk to system integrity. Affected users are encouraged to apply the security patch identified by Patch ID WCNCR00416936 to mitigate this vulnerability.

Affected Version(s)

MT6890, MT7615, MT7622, MT7663, MT7915 SDK release 5.1.0.0 and before / openWRT 19.07, 21.02

References

https://corp.mediatek.com/product-security-bulletin/July-...

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 8, 2025
Vulnerability Reserved
Nov 1, 2024