CVE-2025-20632

In wlan AP driver, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00397139; Issue ID: MSV-2188.
Configurations

Configuration 1 (hide)

AND
cpe:2.3:a:mediatek:software_development_kit:*:*:*:*:*:*:*:*
OR cpe:2.3:h:mediatek:mt7615:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt7622:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt7663:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt7915:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt7916:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt7981:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt7986:-:*:*:*:*:*:*:*

History

22 Apr 2025, 13:50

Type Values Removed Values Added
References () https://corp.mediatek.com/product-security-bulletin/February-2025 - () https://corp.mediatek.com/product-security-bulletin/February-2025 - Vendor Advisory
First Time Mediatek
Mediatek mt7663
Mediatek mt7916
Mediatek mt7986
Mediatek mt7615
Mediatek mt7915
Mediatek mt7622
Mediatek software Development Kit
Mediatek mt7981
CPE cpe:2.3:h:mediatek:mt7615:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt7663:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt7915:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt7916:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt7622:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt7986:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt7981:-:*:*:*:*:*:*:*
cpe:2.3:a:mediatek:software_development_kit:*:*:*:*:*:*:*:*

25 Mar 2025, 14:15

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 7.8

18 Feb 2025, 19:15

Type Values Removed Values Added
CVSS v2 : unknown
v3 : 7.8
v2 : unknown
v3 : unknown
Summary
  • (es) En el controlador de punto de acceso WLAN, existe una posible escritura fuera de los límites debido a una verificación de los límites incorrecta. Esto podría provocar una escalada local de privilegios sin necesidad de permisos de ejecución adicionales. No se necesita interacción del usuario para la explotación. ID de parche: WCNCR00397139; ID de problema: MSV-2188.

03 Feb 2025, 17:15

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 7.8

03 Feb 2025, 04:15

Type Values Removed Values Added
New CVE

Information

Published : 2025-02-03 04:15

Updated : 2025-04-22 13:50


NVD link : CVE-2025-20632

Mitre link : CVE-2025-20632

CVE.ORG link : CVE-2025-20632


JSON object : View

Products Affected

mediatek

  • mt7986
  • mt7915
  • mt7663
  • mt7981
  • mt7916
  • mt7622
  • mt7615
  • software_development_kit
CWE
CWE-787

Out-of-bounds Write