CVE-2025-20646

Critical

Published: 03 March 2025

Published

03 March 2025

Modified

22 April 2025

KEV Added

—

Patch

—

CVSS Score 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS Score 0.0211 84.2th percentile

Risk Priority 21 60% EPSS · 20% KEV · 20% CVSS

Description

In wlan AP FW, there is a possible out of bounds write due to improper input validation. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00389074; Issue ID: MSV-1803.

Security Summary

CVE-2025-20646 is a high-severity vulnerability (CVSS 9.8, CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) involving an out-of-bounds write due to improper input validation (CWE-787) in WLAN Access Point Firmware. Published on March 3, 2025, it affects MediaTek's WLAN AP firmware components, as detailed in the vendor's product security bulletin.

The vulnerability enables remote escalation of privilege without requiring additional execution privileges or user interaction. A network-accessible attacker can exploit it with low complexity over the network, potentially achieving high confidentiality, integrity, and availability impacts by writing outside allocated memory bounds.

MediaTek's March 2025 Product Security Bulletin provides mitigation guidance, including Patch ID WCNCR00389074 for remediation. Security practitioners should review the advisory at https://corp.mediatek.com/product-security-bulletin/March-2025 and apply the specified patch to vulnerable WLAN AP firmware deployments, with Issue ID MSV-1803 for tracking.

Details

CWE(s): CWE-787

Affected Products

mediatek

software development kit

≤ 7.6.7.2

References

https://corp.mediatek.com/product-security-bulletin/March-2025
Vendor Advisory · security@mediatek.com