CVE-2025-20737 is a stack overflow vulnerability classified under CWE-121 found in the WLAN AP driver of several MediaTek chipsets (MT6890, MT7615, MT7622, MT7663, MT7915, MT7916, MT7981, MT7986). The root cause is an incorrect bounds check in the driver code that allows an out-of-bounds write on the stack. This flaw can be triggered by a local user with execution privileges on the device, without requiring any user interaction, making it a potent vector for privilege escalation attacks. Successful exploitation can lead to arbitrary code execution with elevated privileges, potentially compromising the device’s confidentiality, integrity, and availability. The affected software versions include SDK release 7.6.7.2 and earlier, as well as openWRT versions 19.07 and 21.02. The CVSS v3.1 base score is 7.8, indicating high severity, with attack vector local, low attack complexity, low privileges required, no user interaction, and high impact on confidentiality, integrity, and availability. Although no exploits have been reported in the wild yet, the vulnerability poses a significant risk due to the widespread deployment of these chipsets in wireless access points and embedded devices. The issue was reserved in November 2024 and published in November 2025, with MediaTek assigned as the vendor. No official patch links are currently provided, but the patch ID is WCNCR00435343 and issue ID MSV-4040.

The vulnerability allows an attacker with local user-level access to escalate privileges to higher levels, potentially root or system-level, on devices using the affected MediaTek WLAN AP drivers. This can lead to full compromise of the device, including unauthorized access to sensitive data, disruption of wireless network services, and the ability to deploy persistent malware or pivot to other network segments. Given the critical role of wireless access points in enterprise, ISP, and consumer networks, exploitation could disrupt network availability and confidentiality on a large scale. The vulnerability affects multiple widely used MediaTek chipsets embedded in routers, IoT devices, and other network infrastructure, increasing the scope of impact globally. Organizations relying on these devices may face operational disruptions, data breaches, and increased risk of lateral movement by attackers within internal networks.

1. Apply patches from MediaTek as soon as they become available, referencing patch ID WCNCR00435343 and issue ID MSV-4040. 2. Upgrade to SDK releases newer than 7.6.7.2 and openWRT versions beyond 21.02 once patched versions are released. 3. Restrict local user access on devices running affected chipsets to trusted personnel only, minimizing the risk of local exploitation. 4. Employ network segmentation to isolate wireless access points and limit the impact of a compromised device. 5. Monitor device logs and behavior for signs of exploitation attempts or unusual privilege escalations. 6. Use host-based intrusion detection systems (HIDS) on critical devices to detect anomalous activity. 7. Implement strict access control policies and disable unnecessary local accounts or services that could be leveraged by attackers. 8. Conduct regular security audits and vulnerability assessments on network infrastructure to identify and remediate outdated firmware or software versions.