CVE-2025-20719 is a stack overflow vulnerability classified under CWE-121 found in the WLAN Access Point (AP) driver of several MediaTek chipsets: MT6890, MT7603, MT7615, MT7622, MT7915, MT7916, MT7981, and MT7986. The root cause is an incorrect bounds check in the driver code that leads to an out-of-bounds write operation on the stack. This flaw can be exploited remotely by an attacker within wireless range (proximal or adjacent) without requiring any user interaction or prior authentication, making it particularly dangerous. Successful exploitation allows escalation of privilege on the device, potentially granting the attacker control over the device’s firmware or operating system. The vulnerability affects SDK release 7.6.7.2 and earlier versions, as well as OpenWrt 19.07 and 21.02 builds that incorporate these chipsets, which are commonly used in wireless routers and access points. The CVSS v3.1 score is 8.8 (high severity), with vector AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H, indicating that the attack requires adjacent network access but no privileges or user interaction, and can cause high impact on confidentiality, integrity, and availability. Although no public exploits have been reported yet, the vulnerability’s characteristics make it a prime candidate for exploitation in the near future. The issue is tracked internally by MediaTek as MSV-3570 and patch ID WCNCR00418955, but no public patch links are currently available. This vulnerability poses a significant risk to network infrastructure relying on affected MediaTek chipsets, potentially allowing attackers to compromise wireless access points and pivot into internal networks.

For European organizations, this vulnerability presents a critical threat to wireless network infrastructure. Exploitation could allow attackers to gain unauthorized control over wireless access points and routers, leading to interception or manipulation of network traffic, disruption of network services, and potential lateral movement within corporate networks. Confidential data transmitted over affected devices could be exposed or altered, undermining data privacy and integrity. The lack of required user interaction and the ability to exploit remotely within wireless range increases the attack surface, especially in densely populated or public environments such as offices, campuses, and public Wi-Fi hotspots. Organizations relying on MediaTek-based devices for critical communications or operational technology may face operational disruptions and increased risk of espionage or sabotage. The vulnerability also threatens the availability of wireless services, potentially causing denial of service conditions. Given the widespread use of OpenWrt in European networking equipment, the impact extends to a broad range of devices beyond proprietary MediaTek SDK implementations.

European organizations should immediately identify all devices using the affected MediaTek chipsets, including those running OpenWrt 19.07 and 21.02 or SDK release 7.6.7.2 and earlier. Since no public patches are currently linked, organizations should monitor MediaTek advisories and vendor updates closely to apply patches as soon as they become available. In the interim, network administrators should implement strict wireless network segmentation to isolate vulnerable devices from sensitive internal networks and limit wireless access to trusted clients only. Employing wireless intrusion detection and prevention systems (WIDS/WIPS) can help detect anomalous activity indicative of exploitation attempts. Disabling unnecessary wireless services or features on affected devices can reduce the attack surface. Additionally, organizations should enforce strong physical security controls to limit proximity-based attacks and consider upgrading to newer hardware with patched firmware. Regular firmware audits and vulnerability scanning of network infrastructure are recommended to maintain visibility of exposure. Finally, updating OpenWrt installations to versions beyond 21.02 that incorporate fixes will be critical once patches are released.