CVE-2025-20717: CWE-121 Stack Overflow in MediaTek, Inc. MT6890, MT7615, MT7622, MT7663, MT7915, MT7916, MT7981, MT7986
In wlan AP driver, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: WCNCR00419946; Issue ID: MSV-3582.
AI Analysis
Technical Summary
CVE-2025-20717 is a stack overflow vulnerability classified under CWE-121, found in the WLAN Access Point (AP) driver of several MediaTek chipsets including MT6890, MT7615, MT7622, MT7663, MT7915, MT7916, MT7981, and MT7986. The root cause is an incorrect bounds check in the driver code that leads to an out-of-bounds write on the stack. This memory corruption can be exploited by a local attacker who already has System-level privileges on the device to escalate their privileges further. The vulnerability does not require user interaction, making it easier to exploit once local access is obtained. Affected firmware versions include SDK release 7.6.7.2 and earlier, as well as openWRT versions 19.07 and 21.02 for the MT6890 chipset. The CVSS v3.1 base score is 7.8, indicating high severity, with attack vector local, low attack complexity, low privileges required, no user interaction, unchanged scope, and high impact on confidentiality, integrity, and availability. Although no public exploits are known at this time, the vulnerability poses a significant risk due to the critical nature of wireless AP drivers in network infrastructure. The issue is tracked under MediaTek’s internal ID MSV-3582 and patch ID WCNCR00419946, though no public patch links are currently available.
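As an added illustration of the bug class the summary describes (CWE-121, an out-of-bounds stack write caused by an incorrect bounds check), the C below places a flawed length check beside its corrected form and audits both without performing any real out-of-bounds write. This is not MediaTek's driver code, whose details the advisory does not publish; the buffer size `ELEM_CAP`, the function names and the "element" input format are hypothetical.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical fixed-size stack buffer capacity; not a MediaTek value. */
#define ELEM_CAP 32

/* Flawed bounds check of the kind CWE-121 describes: it admits
 * len == ELEM_CAP, yet the handler then writes a terminator at
 * buf[len], one byte past the end of the stack buffer. */
static bool len_accepted_flawed(size_t len)
{
    return len <= ELEM_CAP;
}

/* Corrected check: reserve the last slot for the terminator. */
static bool len_accepted_fixed(size_t len)
{
    return len < ELEM_CAP;
}

/* Audit helper: reports whether a check admits any length whose
 * terminator index (len) reaches or passes a buffer of cap bytes.
 * Only the predicate is evaluated; no buffer is written. */
static bool check_admits_overrun(bool (*accepted)(size_t), size_t cap)
{
    for (size_t len = 0; len <= cap + 1; len++) {
        if (accepted(len) && len >= cap)
            return true;
    }
    return false;
}

/* Hardened handler: copies a caller-supplied element into a stack buffer,
 * terminates it, and hands the terminated copy back in out.
 * Returns the element length on success, -1 when a length is rejected. */
int handle_element_fixed(const uint8_t *src, size_t len, char *out, size_t out_cap)
{
    char buf[ELEM_CAP];

    if (!len_accepted_fixed(len))
        return -1;                 /* reject before touching the stack buffer */
    if (out_cap < len + 1)
        return -1;                 /* caller's output buffer is too small */

    memcpy(buf, src, len);
    buf[len] = '\0';               /* in bounds: len <= ELEM_CAP - 1 */
    memcpy(out, buf, len + 1);
    return (int)len;
}

/* Constructed input for a stand-alone run: len bytes of 'A'. */
int demo_handle(size_t len)
{
    uint8_t src[ELEM_CAP + 8];
    char out[ELEM_CAP + 8];

    if (len > sizeof src)
        return -2;
    memset(src, 'A', len);
    return handle_element_fixed(src, len, out, sizeof out);
}

int main(void)
{
    printf("flawed check admits overrun: %d\n",
           check_admits_overrun(len_accepted_flawed, ELEM_CAP));
    printf("fixed check admits overrun:  %d\n",
           check_admits_overrun(len_accepted_fixed, ELEM_CAP));
    printf("handle 31 bytes -> %d, handle 32 bytes -> %d\n",
           demo_handle(31), demo_handle(32));
    return 0;
}
```

The audit helper is the part worth reusing when reviewing a driver for this class of defect: enumerate the lengths a check accepts and confirm none of them lets the final write index reach the buffer capacity. Compiling with `-fstack-protector-strong` turns a missed case from silent corruption into an abort, which is the detection signal the mitigation section's HIDS advice relies on.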
Potential Impact
This vulnerability can have severe consequences for organizations relying on MediaTek chipsets in their wireless access points or embedded devices. Exploitation allows an attacker with local System privileges to escalate their privileges further, potentially gaining kernel-level control. This can lead to unauthorized access to sensitive data, manipulation or disruption of network traffic, and persistent compromise of network infrastructure devices. Given the widespread use of MediaTek chipsets in consumer and enterprise wireless equipment, the vulnerability could impact a broad range of environments including corporate networks, ISPs, and critical infrastructure. The lack of required user interaction and low complexity of exploitation increase the risk of internal threat actors or malware leveraging this flaw to deepen their foothold. Additionally, compromised APs could be used as pivot points for lateral movement within networks, amplifying the overall security risk.
Mitigation Recommendations
Organizations should immediately inventory their network devices to identify those using the affected MediaTek chipsets and firmware versions. Applying vendor-provided patches or firmware updates as soon as they become available is critical. Until patches are released, network administrators should restrict local access to devices, enforce strict access controls, and monitor for unusual activities indicative of privilege escalation attempts. Employing host-based intrusion detection systems (HIDS) and endpoint protection solutions that can detect anomalous behavior related to memory corruption may help in early detection. Network segmentation can limit the impact of a compromised device. Additionally, organizations should consider disabling or limiting unnecessary services on affected devices to reduce the attack surface. Regularly updating openWRT or SDK versions to supported, patched releases is also recommended. Finally, maintaining an incident response plan that includes scenarios involving local privilege escalation on network infrastructure devices will improve readiness.
Affected Countries
United States, China, India, Germany, Japan, South Korea, Taiwan, France, United Kingdom, Brazil, Russia, Australia, Canada
Technical Details
- Data Version: 5.1
- Assigner Short Name: MediaTek
- Date Reserved: 2024-11-01T01:21:50.388Z
- CVSS Version: null
- State: PUBLISHED
Threat ID: 68ee16307eab8b438c025d34
Added to database: 10/14/2025, 9:21:52 AM
Last enriched: 2/27/2026, 12:32:22 AM
Last updated: 3/26/2026, 9:15:48 AM