CVE-2025-20654 | THREATINT

Description

In wlan service, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00406897; Issue ID: MSV-2875.

PUBLISHED Reserved 2024-11-01 | Published 2025-04-07 | Updated 2026-02-26 | Assigner MediaTek

Problem types

CWE-787 Out-of-bounds Write

Product status

SDK version 7.4.0.1 and before (for MT7622 and MT7915) / SDK version 7.6.7.0 and before (for MT7916, MT7981 and MT7986) / OpenWrt 19.07, 21.02 (for MT6890)

affected

References

corp.mediatek.com/product-security-bulletin/April-2025

cve.org (CVE-2025-20654)

nvd.nist.gov (CVE-2025-20654)

Download JSON