Out of Bounds Write Vulnerability in Mediatek WLAN AP Driver
CVE-2025-20720

Currently unrated

Key Information:

Vendor: MediaTek
Status: Mt6890, Mt7603, Mt7615, Mt7622, Mt7915, Mt7916, Mt7981, Mt7986
Vendor: CVE Published:; 14 October 2025

What is CVE-2025-20720?

The wlan AP driver from Mediatek is susceptible to an out of bounds write vulnerability due to improper bounds checking. This flaw allows for potential escalation of privilege, enabling unauthorized users to gain elevated access in a proximate environment without needing any additional execution privileges or user interaction. Affected users should apply the necessary patch identified as WCNCR00418954 to mitigate the risk associated with this vulnerability.

Affected Version(s)

MT6890, MT7603, MT7615, MT7622, MT7915, MT7916, MT7981, MT7986 SDK release 7.6.7.2 and before / OpenWrt 19.07, 21.02 (MT6890)

References

https://corp.mediatek.com/product-security-bulletin/Octob...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 14, 2025
Vulnerability Reserved
Nov 1, 2024

JSON

MediaTek

What is CVE-2025-20720?

Affected Version(s)

References

Timeline