CVE-2025-20674 is a critical security vulnerability identified in the WLAN Access Point (AP) driver software of several MediaTek chipsets, including MT6890, MT6990, MT7915, MT7916, MT7981, MT7986, MT7990, MT7992, and MT7993. The root cause is an incorrect authorization check (classified under CWE-863), which allows an attacker to inject arbitrary network packets into the wireless communication stream. This flaw exists because the driver fails to properly verify permissions before processing certain packet injection requests. Exploitation does not require any prior authentication or user interaction, making it remotely exploitable over the network. Successful exploitation results in remote escalation of privilege, granting attackers the ability to execute arbitrary code or commands with elevated privileges on the affected device. The vulnerability affects SDK releases up to version 7.6.7.2 and specific OpenWrt firmware versions (19.07, 21.02 for MT6890; 21.02, 23.05 for MT6990). The CVSS v3.1 base score is 9.8, reflecting the high impact on confidentiality, integrity, and availability, combined with ease of exploitation. No public exploit code or active exploitation has been reported yet, but the severity and nature of the flaw make it a significant threat to devices using these MediaTek chipsets in wireless access points. The issue has been assigned patch ID WCNCR00413202 and issue ID MSV-3303 by MediaTek, indicating that a fix is available or forthcoming.

The vulnerability allows remote attackers to inject arbitrary packets without authentication or user interaction, leading to full remote escalation of privilege on affected devices. This can compromise the confidentiality of network traffic, integrity of data and device operations, and availability of wireless services. Organizations relying on MediaTek-based wireless access points or routers could face unauthorized network access, data interception, manipulation, or denial of service. Critical infrastructure, enterprise networks, and consumer environments using affected chipsets are at risk of compromise, potentially enabling lateral movement within networks or persistent footholds for attackers. The broad range of affected chipsets and firmware versions increases the scope of impacted devices globally. Given the critical severity and remote exploitability, the threat could facilitate large-scale attacks if exploited in the wild.

Organizations should immediately identify devices using the affected MediaTek chipsets and firmware versions. Apply the official patches referenced by MediaTek (Patch ID: WCNCR00413202) as soon as they become available. For devices running OpenWrt, upgrade to versions beyond 23.05 or the latest stable releases that include the fix. Network administrators should implement network segmentation to isolate vulnerable wireless devices from critical systems. Employ strict monitoring of wireless traffic for anomalous packet injection attempts. Disable unnecessary wireless services or features that rely on the affected drivers if patching is delayed. Vendors and integrators should verify firmware integrity and consider deploying intrusion detection systems capable of detecting exploitation attempts targeting WLAN drivers. Regularly audit and update device firmware to minimize exposure to similar vulnerabilities.