CVE-2025-20675: CWE-476 NULL Pointer Dereference in MediaTek, Inc. MT7902, MT7921, MT7922, MT7925, MT7927
In wlan STA driver, there is a possible system crash due to an uncaught exception. This could lead to local denial of service with User execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00413201; Issue ID: MSV-3302.
AI Analysis
Technical Summary
CVE-2025-20675 is a medium severity vulnerability identified in several MediaTek wireless chipset models, specifically MT7902, MT7921, MT7922, MT7925, and MT7927. The flaw exists within the WLAN Station (STA) driver component of these chipsets, which are commonly used in wireless communication devices. The vulnerability is classified as a NULL Pointer Dereference (CWE-476), meaning that the driver attempts to access memory through a pointer that is set to NULL, leading to an uncaught exception and causing the system to crash. This results in a local denial of service (DoS) condition. Exploitation requires user-level execution privileges but does not require any user interaction, making it easier for an attacker with local access to trigger the crash. The affected versions include NB SDK release 3.6 and earlier. The vulnerability does not impact confidentiality or integrity but affects availability by crashing the system. The CVSS v3.1 base score is 5.5, reflecting a medium severity level, with attack vector local, low attack complexity, privileges required at the user level, no user interaction, and unchanged scope. No known exploits are currently reported in the wild, and no patch links were provided at the time of publication. The issue was reserved in November 2024 and published in June 2025. This vulnerability highlights a stability and reliability risk in devices using these MediaTek chipsets, potentially disrupting wireless connectivity and device operation.
Potential Impact
For European organizations, the primary impact of CVE-2025-20675 is the potential for local denial of service on devices incorporating the affected MediaTek chipsets. This could disrupt wireless network connectivity, affecting business operations reliant on stable Wi-Fi communications, such as remote work, IoT device management, and critical communication systems. While the vulnerability does not allow data theft or system compromise beyond DoS, repeated or targeted exploitation could degrade user productivity and network reliability. In sectors like manufacturing, healthcare, and finance where wireless devices are integral, such disruptions could have operational and safety implications. Additionally, the requirement for local user privileges limits remote exploitation but insider threats or compromised endpoints could leverage this flaw to cause outages. The absence of user interaction simplifies exploitation once local access is obtained. Organizations with a high density of devices using these chipsets may experience broader impact. The lack of known exploits currently reduces immediate risk but patching and mitigation remain important to prevent future exploitation.
Mitigation Recommendations
To mitigate CVE-2025-20675, European organizations should first identify all devices using the affected MediaTek chipsets (MT7902, MT7921, MT7922, MT7925, MT7927) and confirm the firmware or SDK versions in use, focusing on NB SDK release 3.6 and earlier. Organizations should monitor MediaTek’s official channels for the release of patches or firmware updates addressing this vulnerability and apply them promptly. Until patches are available, restricting local user access to sensitive or critical devices can reduce exploitation risk. Implement strict endpoint security controls to prevent unauthorized local code execution, including application whitelisting and privilege management. Network segmentation can limit the impact of compromised devices. Additionally, monitoring device stability and logs for unexpected crashes or reboots can help detect exploitation attempts. For devices that cannot be updated immediately, consider deploying compensating controls such as disabling or limiting WLAN STA driver functionality if feasible. Engaging with device vendors for updated firmware and security advisories is also recommended. Finally, incorporate this vulnerability into vulnerability management and incident response plans to ensure timely detection and remediation.
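The first mitigation step, matching an asset inventory against the affected chipset list and the NB SDK 3.6 bound, can be scripted; the following is an added example, not code from MediaTek or from this page. The CSV layout, the `nb_sdk` column, the status labels and the sample rows are assumptions constructed for illustration, and a release such as 3.6.1 is treated as 3.6.

```python
import csv
import io
import re

# Chipsets and version bound exactly as stated in the advisory text.
AFFECTED_CHIPS = {"MT7902", "MT7921", "MT7922", "MT7925", "MT7927"}
LAST_AFFECTED_SDK = (3, 6)  # "NB SDK release 3.6 and earlier"

# Adapter descriptions often carry suffixes (e.g. "MT7921K"); keep the 4 digits.
CHIP_RE = re.compile(r"\bMT(\d{4})", re.IGNORECASE)

def parse_release(text):
    """Return (major, minor), or None when the field is blank or malformed."""
    m = re.fullmatch(r"\s*(\d+)\.(\d+)(?:\.\d+)*\s*", text or "")
    return (int(m.group(1)), int(m.group(2))) if m else None

def classify(adapter, sdk_text):
    """Return (chip, status) for one inventory row."""
    m = CHIP_RE.search(adapter)
    chip = f"MT{m.group(1)}" if m else None
    if chip not in AFFECTED_CHIPS:
        return chip, "not-listed"
    release = parse_release(sdk_text)
    if release is None:
        # Affected silicon but no usable version: do not assume it is safe.
        return chip, "needs-review"
    if release <= LAST_AFFECTED_SDK:
        return chip, "affected"
    return chip, "later-release"

def triage(csv_text):
    """Classify every row of an inventory export (hypothetical column names)."""
    rows = csv.DictReader(io.StringIO(csv_text))
    return [(r["host"], *classify(r["adapter"], r.get("nb_sdk"))) for r in rows]

# Constructed sample inventory, not real data.
SAMPLE = """\
host,adapter,nb_sdk
lt-001,MediaTek Wi-Fi 6 MT7921 Wireless LAN Card,3.5
lt-002,MediaTek Wi-Fi 6E MT7922 160MHz Wireless LAN Card,3.7
lt-003,MediaTek Wi-Fi 7 MT7925 Wireless LAN Card,
lt-004,Intel(R) Wi-Fi 6 AX201 160MHz,
lt-005,MediaTek MT7921K Wireless LAN Card,3.6
"""

if __name__ == "__main__":
    for host, chip, status in triage(SAMPLE):
        print(f"{host}\t{chip or '-'}\t{status}")
```

Rows marked `needs-review` have an affected chipset but no recorded SDK release, so they belong in the patch queue until the version is confirmed.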
Affected Countries
Germany, France, United Kingdom, Italy, Spain, Netherlands, Sweden, Poland, Belgium, Finland
Technical Details
- Data Version: 5.1
- Assigner Short Name: MediaTek
- Date Reserved: 2024-11-01T01:21:50.371Z
- Cvss Version: null
- State: PUBLISHED
Threat ID: 683d16f6182aa0cae230af06
Added to database: 6/2/2025, 3:13:58 AM
Last enriched: 7/9/2025, 12:27:33 PM
Last updated: 8/5/2025, 4:14:39 PM