Skip to main content
Press slash or control plus K to focus the search. Use the arrow keys to navigate results and press enter to open a threat.
Reconnecting to live updates…

CVE-2025-20720: CWE-122 Heap Overflow in MediaTek, Inc. MT6890, MT7603, MT7615, MT7622, MT7915, MT7916, MT7981, MT7986

0
High
VulnerabilityCVE-2025-20720cvecve-2025-20720cwe-122
Published: Tue Oct 14 2025 (10/14/2025, 09:11:41 UTC)
Source: CVE Database V5
Vendor/Project: MediaTek, Inc.
Product: MT6890, MT7603, MT7615, MT7622, MT7915, MT7916, MT7981, MT7986

Description

In wlan AP driver, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote (proximal/adjacent) escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00418954; Issue ID: MSV-3569.

AI-Powered Analysis

AILast updated: 10/14/2025, 09:39:08 UTC

Technical Analysis

CVE-2025-20720 is a heap overflow vulnerability classified under CWE-122, found in the WLAN AP driver of multiple MediaTek chipsets including MT6890, MT7603, MT7615, MT7622, MT7915, MT7916, MT7981, and MT7986. The root cause is an incorrect bounds check that leads to an out-of-bounds write on the heap. This flaw allows an attacker within wireless proximity to the affected device to perform a remote escalation of privilege without needing additional execution privileges or any user interaction. The vulnerability affects SDK release 7.6.7.2 and earlier versions, as well as OpenWrt 19.07 and 21.02 for the MT6890 chipset. The issue was reserved in November 2024 and published in October 2025, with no CVSS score assigned yet and no known exploits in the wild. The vulnerability could be exploited by an attacker sending specially crafted wireless frames to the device, causing memory corruption that escalates privileges on the device. This could lead to unauthorized control over the wireless access point or embedded device, potentially allowing further network compromise or disruption of wireless services. The lack of required user interaction and the remote nature of the attack vector increase the risk. The affected chipsets are widely used in consumer and enterprise wireless access points and embedded systems, including those running OpenWrt firmware. The vulnerability's exploitation could undermine confidentiality, integrity, and availability of network communications and device operation. The absence of a patch link suggests that vendors may still be preparing fixes, emphasizing the need for vigilance and interim mitigations.

Potential Impact

For European organizations, this vulnerability poses a significant risk to network infrastructure relying on MediaTek chipsets in wireless access points or embedded devices. Successful exploitation could allow attackers in physical proximity to escalate privileges on these devices, potentially gaining administrative control. This could lead to interception or manipulation of network traffic, unauthorized access to internal networks, disruption of wireless services, and lateral movement within corporate environments. Critical sectors such as finance, healthcare, government, and telecommunications could be particularly affected due to their reliance on secure and stable wireless connectivity. The vulnerability's remote exploitability without user interaction increases the likelihood of targeted attacks in densely populated or high-value areas. Additionally, organizations using OpenWrt-based devices with affected chipsets may face increased exposure. The potential for privilege escalation and subsequent compromise of network devices could undermine trust in wireless infrastructure and lead to data breaches or operational disruptions.

Mitigation Recommendations

Organizations should proactively inventory their wireless infrastructure to identify devices using the affected MediaTek chipsets and firmware versions. Immediate mitigation steps include restricting physical and wireless access to sensitive network areas to reduce attacker proximity. Network segmentation should be enforced to limit the impact of any compromised device. Monitoring wireless traffic for unusual patterns or malformed frames can help detect exploitation attempts. Applying vendor patches promptly once released is critical; organizations should maintain close communication with MediaTek and device manufacturers for updates. For devices running OpenWrt, upgrading to versions beyond 21.02 or applying community patches may mitigate risk. Disabling unnecessary wireless features or interfaces on affected devices can reduce the attack surface. Employing network access control (NAC) and strong authentication mechanisms for device management interfaces further limits attacker capabilities. Finally, conducting penetration testing and vulnerability assessments focused on wireless infrastructure can help identify and remediate exposure to this vulnerability.

Need more detailed analysis?Get Pro

Technical Details

Data Version
5.1
Assigner Short Name
MediaTek
Date Reserved
2024-11-01T01:21:50.390Z
Cvss Version
null
State
PUBLISHED

Threat ID: 68ee16317eab8b438c025d47

Added to database: 10/14/2025, 9:21:53 AM

Last enriched: 10/14/2025, 9:39:08 AM

Last updated: 10/15/2025, 11:04:12 AM

Views: 9

Community Reviews

0 reviews

Crowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.

Sort by
Loading community insights…

Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.

Actions

PRO

Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.

Please log in to the Console to use AI analysis features.

Need enhanced features?

Contact root@offseq.com for Pro access with improved analysis and higher rate limits.

Latest Threats