Out of Bounds Write Vulnerability in MediaTek WLAN AP Driver
CVE-2025-20732

Currently unrated

Key Information:

Vendor: MediaTek
Status: Mt6890, Mt7615, Mt7622, Mt7663, Mt7915, Mt7916, Mt7981, Mt7986
Vendor: CVE Published:; 4 November 2025

What is CVE-2025-20732?

A vulnerability exists in the MediaTek WLAN AP driver, which allows for potential out-of-bounds writes due to inadequate bounds checking. This issue could allow a malicious actor, already possessing system-level privileges, to escalate privileges without requiring any user interaction. The vulnerability has been documented in Patch ID: WCNCR00441510 and Issue ID: MSV-4139, highlighting the importance of prompt mitigation for affected systems.

Affected Version(s)

MT6890, MT7615, MT7622, MT7663, MT7915, MT7916, MT7981, MT7986 Versions:SDK release 7.6.7.2 and before / openWRT 19.07, 21.02

References

https://corp.mediatek.com/product-security-bulletin/Novem...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 4, 2025
Vulnerability Reserved
Nov 1, 2024

JSON