Out of Bounds Write Vulnerability in MediaTek WLAN AP Driver
CVE-2025-20732

5.3MEDIUM

Key Information:

Vendor: MediaTek
Status: Mt6890, Mt7615, Mt7622, Mt7663, Mt7915, Mt7916, Mt7981, Mt7986
Vendor: CVE Published:; 4 November 2025

What is CVE-2025-20732?

A vulnerability exists in the MediaTek WLAN AP driver, which allows for potential out-of-bounds writes due to inadequate bounds checking. This issue could allow a malicious actor, already possessing system-level privileges, to escalate privileges without requiring any user interaction. The vulnerability has been documented in Patch ID: WCNCR00441510 and Issue ID: MSV-4139, highlighting the importance of prompt mitigation for affected systems.

Affected Version(s)

MT6890, MT7615, MT7622, MT7663, MT7915, MT7916, MT7981, MT7986 Versions:SDK release 7.6.7.2 and before / openWRT 19.07, 21.02

References

https://corp.mediatek.com/product-security-bulletin/Novem...

CVSS V3.1

Score:

5.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 4, 2025
Vulnerability Reserved
Nov 1, 2024

JSON