CVE-2025-20631
Published: 03 February 2025
Description
In wlan AP driver, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00397141; Issue ID: MSV-2187.
Security Summary
CVE-2025-20631 is a vulnerability in the wlan AP driver that enables an out-of-bounds write due to an incorrect bounds check, corresponding to CWE-787. This issue affects MediaTek's wireless access point driver components, as detailed in their product security bulletin. The vulnerability has a CVSS v3.1 base score of 7.8 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H), indicating high severity with local access required but low complexity and no user interaction needed.
A local attacker with low privileges (PR:L) can exploit this vulnerability to achieve escalation of privilege without requiring additional execution privileges. Successful exploitation allows arbitrary code execution with elevated privileges, potentially compromising confidentiality, integrity, and availability of the affected system to a high degree.
MediaTek's February 2025 product security bulletin provides mitigation details, including Patch ID WCNCR00397141 and Issue ID MSV-2187. Security practitioners should apply the specified patch to vulnerable wlan AP driver instances to remediate the out-of-bounds write risk.
Details
- CWE(s)