CVE-2025-20717 is a stack overflow vulnerability classified under CWE-121 found in the WLAN Access Point (AP) driver of several MediaTek chipsets, including MT6890, MT7615, MT7622, MT7663, MT7915, MT7916, MT7981, and MT7986. The root cause is an incorrect bounds check in the driver code that leads to an out-of-bounds write on the stack. This memory corruption can be exploited by an attacker who already has System-level privileges on the device to escalate their privileges further, potentially gaining full control over the affected system. The vulnerability does not require user interaction to exploit, but it does require the attacker to have some level of system privilege (local access with PR:L). The affected software versions include MediaTek SDK release 7.6.7.2 and earlier, as well as openWRT versions 19.07 and 21.02 for the MT6890 chipset. The CVSS v3.1 base score is 7.8, reflecting high severity due to the high impact on confidentiality, integrity, and availability, combined with relatively low attack complexity and no user interaction needed. Although no public exploit code or active exploitation has been reported, the vulnerability poses a significant risk in environments where these chipsets are deployed, especially in embedded devices and wireless infrastructure. The lack of publicly available patches at the time of reporting necessitates proactive mitigation and monitoring by affected parties.

For European organizations, this vulnerability poses a significant risk primarily to wireless infrastructure and embedded devices utilizing the affected MediaTek chipsets. Successful exploitation can lead to local privilege escalation, allowing attackers with limited system privileges to gain full control over the device. This could result in unauthorized access to sensitive network traffic, manipulation or disruption of wireless communications, and potential pivoting to other internal systems. Given the widespread use of MediaTek chipsets in consumer and enterprise wireless access points, routers, and IoT devices, the vulnerability could impact network availability and confidentiality. Critical sectors such as telecommunications, government, finance, and industrial control systems that rely on secure wireless connectivity may face increased risk. The absence of user interaction for exploitation and the high impact on system integrity and availability elevate the threat level. Additionally, compromised devices could be leveraged for lateral movement or as part of larger botnets, amplifying the potential damage.

European organizations should immediately identify devices using the affected MediaTek chipsets, particularly those running SDK release 7.6.7.2 or earlier and openWRT 19.07/21.02 on MT6890. Network segmentation should be enforced to isolate vulnerable devices from critical infrastructure. Apply vendor patches as soon as they become available; until then, consider disabling or restricting access to the WLAN AP driver functionalities if feasible. Employ strict access controls to limit system-level privileges and monitor for unusual local privilege escalation attempts. Regularly audit device firmware versions and update to the latest secure releases. Implement host-based intrusion detection systems (HIDS) to detect anomalous behavior indicative of exploitation attempts. For embedded devices where patching is delayed, consider network-level protections such as firewall rules to restrict local access to vulnerable devices. Engage with vendors for timely updates and verify the integrity of firmware to prevent unauthorized modifications. Finally, maintain comprehensive logging and incident response plans tailored to wireless infrastructure compromise scenarios.