Out of Bounds Write Vulnerability in Mediatek Wireless AP Driver
CVE-2025-20742

8HIGH

Key Information:

Vendor: MediaTek
Status: Mt6890, Mt7603, Mt7615, Mt7622, Mt7915, Mt7916, Mt7981, Mt7986
Vendor: CVE Published:; 4 November 2025

What is CVE-2025-20742?

The Mediatek Wireless AP driver contains a vulnerability that allows for an out of bounds write due to inadequate bounds checking. This flaw can be exploited by a remote attacker located in proximity to the targeted system, leading to escalation of privileges without the necessity for additional execution permissions. The exploitation does not require user interaction, thus posing a significant risk. Ensure systems are updated with the latest patches to mitigate this vulnerability.

Affected Version(s)

MT6890, MT7603, MT7615, MT7622, MT7915, MT7916, MT7981, MT7986 SDK release 7.6.7.2 and before / OpenWrt 19.07, 21.02 (MT6890)

References

https://corp.mediatek.com/product-security-bulletin/Novem...

CVSS V3.1

Score:

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 4, 2025
Vulnerability Reserved
Nov 1, 2024

JSON

MediaTek

What is CVE-2025-20742?

Affected Version(s)

References

CVSS V3.1

Timeline