Out of Bounds Write Vulnerability in MediaTek WLAN AP Driver
CVE-2025-20685

8.8HIGH

Key Information:

Vendor: MediaTek
Status: Mt6890, Mt7915, Mt7916, Mt7981, Mt7986
Vendor: CVE Published:; 8 July 2025

Badges

📰 News Worthy

What is CVE-2025-20685?

A vulnerability in the MediaTek WLAN AP Driver allows for an out of bounds write due to inadequate bounds checking. This flaw enables adjacent or proximal attackers to execute arbitrary code remotely without requiring additional privileges or user interaction. It's crucial for users of affected products to apply the necessary patches to mitigate potential risks associated with this vulnerability.

Affected Version(s)

MT6890, MT7915, MT7916, MT7981, MT7986 SDK release 7.6.7.2 and before / OpenWrt 19.07, 21.02 (MT6890)

News Articles

dec-solutions.com

CVE-2025-49663 CVE-2025-20685

cybersecurity – Page 6 – DEC Solutions Group

CVE-2025-49663: RRAS Buffer Overflow Vulnerability CVE-2025-49663 is a critical security vulnerability affecting the Windows Routing and Remote Access Service (RRAS). Specifically, this issue is...

3 weeks ago

References

https://corp.mediatek.com/product-security-bulletin/July-...

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

📰
First article discovered by dec-solutions.com
Jul 11, 2025
Vulnerability published
Jul 8, 2025
Vulnerability Reserved
Nov 1, 2024