
CVE-2025-20674: CWE-863 Incorrect Authorization in MediaTek, Inc. MT6890, MT6990, MT7915, MT7916, MT7981, MT7986, MT7990, MT7992, MT7993

Severity: Critical
Type: Vulnerability
Tags: CVE-2025-20674, cve, cve-2025-20674, cwe-863
Published: Mon Jun 02 2025 (06/02/2025, 02:29:41 UTC)
Source: CVE Database V5
Vendor/Project: MediaTek, Inc.
Product: MT6890, MT6990, MT7915, MT7916, MT7981, MT7986, MT7990, MT7992, MT7993

Description

In wlan AP driver, there is a possible way to inject arbitrary packet due to a missing permission check. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00413202; Issue ID: MSV-3303.

AI-Powered Analysis

Last updated: 07/09/2025, 12:24:51 UTC

Technical Analysis

CVE-2025-20674 is a critical vulnerability in several MediaTek wireless chipsets: MT6890, MT6990, MT7915, MT7916, MT7981, MT7986, MT7990, MT7992, and MT7993. The flaw is in the WLAN Access Point (AP) driver, where a missing permission check (classified as CWE-863, Incorrect Authorization) allows an attacker to inject arbitrary packets. Exploitation is remote and requires no prior authentication or user interaction, and it results in remote escalation of privilege on the affected device. The CVSS v3.1 base score is 9.8 (critical): the attack vector is network (AV:N), attack complexity is low (AC:L), no privileges are required (PR:N), and no user interaction is needed (UI:N). Confidentiality, integrity, and availability impacts are all high (C:H/I:H/A:H), meaning the attacker can fully compromise the device. Affected versions include SDK release 7.6.7.2 and earlier, as well as specific OpenWrt releases (19.07 and 21.02 for MT6890; 21.02 and 23.05 for MT6990). Although no known exploits are reported in the wild yet, the vulnerability's characteristics make it highly exploitable. MediaTek tracks the issue internally as MSV-3303 and patches it under WCNCR00413202, though patch links are not provided in the data. The vulnerability could be leveraged to manipulate wireless traffic, disrupt network operations, or pivot into internal networks by injecting malicious packets, severely undermining network security.

Potential Impact

For European organizations, this vulnerability poses a significant threat, especially for those relying on wireless infrastructure powered by MediaTek chipsets in routers, access points, or IoT devices. Successful exploitation could lead to complete compromise of network devices, allowing attackers to intercept, modify, or disrupt wireless communications. This can result in data breaches, unauthorized network access, lateral movement within corporate networks, and denial-of-service conditions. Critical sectors such as finance, healthcare, telecommunications, and government agencies are particularly at risk due to their reliance on secure wireless connectivity. The lack of required authentication and user interaction lowers the barrier for attackers, increasing the likelihood of exploitation. Additionally, organizations using OpenWrt-based firmware on affected devices may be vulnerable if patches are not applied promptly. The vulnerability could also facilitate advanced persistent threats (APTs) aiming to establish persistent footholds in European networks. The potential for remote privilege escalation without user interaction makes this a highly dangerous threat that could be exploited at scale.

Mitigation Recommendations

European organizations should immediately identify and inventory all network devices that use the affected MediaTek chipsets, including routers, wireless access points, and IoT devices. It is critical to apply the official patch provided by MediaTek (WCNCR00413202) or firmware updates from device vendors that incorporate the fix. For devices running OpenWrt, upgrading to a version beyond 23.05 (for MT6990) or to a later release that includes the patch is essential. Network administrators should implement strict network segmentation to isolate vulnerable wireless devices from critical infrastructure and sensitive data stores. Deploying network intrusion detection and prevention systems (IDS/IPS) with signatures tailored to detect anomalous packet injection can help identify exploitation attempts. Additionally, organizations should monitor wireless network traffic for unusual patterns indicative of packet injection or privilege escalation activity. Employing strong wireless encryption standards (WPA3) and disabling unnecessary wireless services can reduce the attack surface. Where patching is not immediately feasible, consider temporary mitigations such as disabling vulnerable wireless interfaces or restricting network access to trusted devices only. Regular vulnerability scanning and penetration testing focused on wireless infrastructure will help validate the effectiveness of mitigations.
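The inventory step above can be scripted against the affected chipset list and version ranges given in this advisory. The following is an added example, not code from MediaTek or from this database; the CSV column names, host names and status labels are assumptions, and the sample inventory is constructed.

```python
import csv
import io

# Values taken from the advisory text; everything else here is an assumption.
AFFECTED_CHIPS = {"MT6890", "MT6990", "MT7915", "MT7916", "MT7981",
                  "MT7986", "MT7990", "MT7992", "MT7993"}
LAST_AFFECTED_SDK = (7, 6, 7, 2)              # "SDK release 7.6.7.2 and earlier"
AFFECTED_OPENWRT = {"MT6890": {"19.07", "21.02"},
                    "MT6990": {"21.02", "23.05"}}

# Constructed inventory; hosts, column names and versions are made up.
SAMPLE_INVENTORY = """host,chipset,firmware,version
ap-lobby,MT7915,sdk,7.6.7.0
ap-floor2,mt7986,sdk,7.6.7.2
ap-lab,MT7981,sdk,7.6.8.0
cpe-01,MT6890,openwrt,21.02.3
cpe-03,MT6990,openwrt,24.10.0
ap-home,MT7981,openwrt,23.05.0
ap-old,MT7916,sdk,unknown
sw-core,QCA9563,openwrt,22.03.5
"""

def classify(chipset, firmware, version):
    """Return affected / outside-listed-range / unknown / not-listed."""
    chip = chipset.strip().upper()
    if chip not in AFFECTED_CHIPS:
        return "not-listed"
    try:
        parts = tuple(int(p) for p in version.strip().split("."))
    except ValueError:
        return "unknown"                      # unparseable version: check by hand
    if firmware.strip().lower() == "sdk":
        return "affected" if parts <= LAST_AFFECTED_SDK else "outside-listed-range"
    if firmware.strip().lower() == "openwrt":
        listed = AFFECTED_OPENWRT.get(chip)
        if listed is None or len(parts) < 2:
            return "unknown"                  # advisory lists no OpenWrt range for this chip
        release = f"{parts[0]}.{parts[1]:02d}"  # 21.02.3 -> "21.02"
        return "affected" if release in listed else "outside-listed-range"
    return "unknown"

def triage(csv_text):
    """Map each host in the inventory to its classification."""
    rows = csv.DictReader(io.StringIO(csv_text))
    return {r["host"]: classify(r["chipset"], r["firmware"], r["version"]) for r in rows}

if __name__ == "__main__":
    for host, status in triage(SAMPLE_INVENTORY).items():
        print(f"{host:10} {status}")
```

Hosts reported as `outside-listed-range` or `unknown` still need confirmation from the device vendor that the firmware includes patch WCNCR00413202, since this advisory gives no fixed version numbers.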


Technical Details

Data Version: 5.1
Assigner Short Name: MediaTek
Date Reserved: 2024-11-01T01:21:50.371Z
Cvss Version: null
State: PUBLISHED

Threat ID: 683d16f6182aa0cae230af04

Added to database: 6/2/2025, 3:13:58 AM

Last enriched: 7/9/2025, 12:24:51 PM

Last updated: 8/12/2025, 4:08:47 PM
