Out of Bounds Write Vulnerability in Mediatek WLAN AP Driver
CVE-2025-20712

8.8HIGH

Key Information:

Vendor: MediaTek
Status: Mt6990, Mt7990, Mt7991, Mt7992, Mt7993
Vendor: CVE Published:; 14 October 2025

What is CVE-2025-20712?

A vulnerability has been identified in the Mediatek WLAN AP driver where an incorrect bounds check leads to a possible out of bounds write. This flaw may enable a remote party to escalate privileges without requiring additional execution permissions or user interaction, potentially exposing systems to unauthorized access. A patch has been issued to address this issue (Patch ID: WCNCR00422323; Issue ID: MSV-3810). For further details, please refer to the Mediatek product security bulletin.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

MT6990, MT7990, MT7991, MT7992, MT7993 SDK release 8.3.1.1 and before / OpenWrt 21.02, 23.05 (MT6990)

References

https://corp.mediatek.com/product-security-bulletin/Octob...

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Oct 14, 2025
Vulnerability Reserved
Nov 1, 2024

JSON

MediaTek

What is CVE-2025-20712?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

Affected Version(s)

References

CVSS V3.1

Timeline

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.