Out of Bounds Write in WLAN AP Driver from MediaTek
CVE-2025-20681

Currently unrated

Key Information:

Vendor: MediaTek
Status: Mt6890, Mt7615, Mt7622, Mt7663, Mt7915
Vendor: CVE Published:; 8 July 2025

What is CVE-2025-20681?

The WLAN AP driver from MediaTek is susceptible to an out of bounds write vulnerability due to an incorrect bounds check. This flaw could potentially enable a local user to escalate their privileges, as user execution privileges are required for exploitation. While user interaction is not necessary for the attack to succeed, it poses a significant risk to system integrity. Affected users are encouraged to apply the security patch identified by Patch ID WCNCR00416936 to mitigate this vulnerability.

Affected Version(s)

MT6890, MT7615, MT7622, MT7663, MT7915 SDK release 5.1.0.0 and before / openWRT 19.07, 21.02

References

https://corp.mediatek.com/product-security-bulletin/July-...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 8, 2025
Vulnerability Reserved
Nov 1, 2024