CVE-2025-20718

In wlan AP driver, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00419945; Issue ID: MSV-3581.

CVSS v3 7.8 HIGH

7.8^/10

CVSS v3 : HIGH

Vector :

Exploitability : 1.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://corp.mediatek.com/product-security-bulletin/October-2025	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

OR	cpe:2.3:a:mediatek:software_development_kit::::::::
	cpe:2.3:o:openwrt:openwrt:19.07.0:-::::::
	cpe:2.3:o:openwrt:openwrt:21.02.0:-::::::

OR	cpe:2.3:h:mediatek:mt6890:-:::::::*
	cpe:2.3:h:mediatek:mt7615:-:::::::*
	cpe:2.3:h:mediatek:mt7622:-:::::::*
	cpe:2.3:h:mediatek:mt7663:-:::::::*
	cpe:2.3:h:mediatek:mt7915:-:::::::*
	cpe:2.3:h:mediatek:mt7916:-:::::::*
	cpe:2.3:h:mediatek:mt7981:-:::::::*
	cpe:2.3:h:mediatek:mt7986:-:::::::*

History

No history.

Information

Published : 2025-10-14 10:15

Updated : 2025-10-15 18:45

NVD link : CVE-2025-20718

Mitre link : CVE-2025-20718

CVE.ORG link : CVE-2025-20718

JSON object : View

Products Affected

mediatek

mt6890
mt7916
mt7663
mt7986
mt7615
mt7981
mt7915
mt7622
software_development_kit

openwrt

openwrt

CWE

CWE-121

Stack-based Buffer Overflow

CWE-787

Out-of-bounds Write

{"id": "CVE-2025-20718", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.8}]}, "published": "2025-10-14T10:15:36.503", "references": [{"url": "https://corp.mediatek.com/product-security-bulletin/October-2025", "tags": ["Vendor Advisory"], "source": "[email protected]"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-121"}]}, {"type": "Primary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-787"}]}], "descriptions": [{"lang": "en", "value": "In wlan AP driver, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00419945; Issue ID: MSV-3581."}], "lastModified": "2025-10-15T18:45:45.840", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:mediatek:software_development_kit:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0DD86CC1-BD46-42D2-9112-190CCAC96B30", "versionEndIncluding": "7.6.7.2"}, {"criteria": "cpe:2.3:o:openwrt:openwrt:19.07.0:-:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4FA469E2-9E63-4C9A-8EBA-10C8C870063A"}, {"criteria": "cpe:2.3:o:openwrt:openwrt:21.02.0:-:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F0133207-2EED-4625-854F-8DB7770D5BF7"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:mediatek:mt6890:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "171D1C08-F055-44C0-913C-AA2B73AF5B72"}, {"criteria": "cpe:2.3:h:mediatek:mt7615:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "05748BB1-0D48-4097-932E-E8E2E574FD8D"}, {"criteria": "cpe:2.3:h:mediatek:mt7622:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "55EB4B27-6264-45BE-9A22-BE8418BB0C06"}, {"criteria": "cpe:2.3:h:mediatek:mt7663:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "10C79211-F064-499D-914E-0BACD038FBF4"}, {"criteria": "cpe:2.3:h:mediatek:mt7915:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "3AB22996-9C22-4B6C-9E94-E4C055D16335"}, {"criteria": "cpe:2.3:h:mediatek:mt7916:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "DD5AA441-5381-4179-89EB-1642120F72B4"}, {"criteria": "cpe:2.3:h:mediatek:mt7981:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "490CD97B-021F-4350-AEE7-A2FA866D5889"}, {"criteria": "cpe:2.3:h:mediatek:mt7986:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "40A9E917-4B34-403F-B512-09EEBEA46811"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "[email protected]"}