Out of Bounds Write Vulnerability in MediaTek WLAN AP Driver
CVE-2025-20748 
Currently unrated
Key Information:
- Vendor: MediaTek
- CVE Published: 4 November 2025
What is CVE-2025-20748?
CVE-2025-20748 is an out-of-bounds write in the WLAN AP driver of MediaTek products, caused by a flawed bounds check. An attacker who already has system-level access can write to memory locations outside the intended boundaries, which exposes users to local privilege escalation and can compromise system integrity. No user interaction is required. A fix has been initiated, and users are advised to apply the patch to mitigate the risk. Continued monitoring and timely updates remain important on affected devices.
Affected Version(s)
MT6890, MT7615, MT7622, MT7663, MT7915, MT7916, MT7981, MT7986 SDK release 7.6.7.2 and before / OpenWrt 19.07, 21.02
