CVE-2025-20633

Published: Feb 3, 2025Modified: Mar 18, 2025

8.8

Vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 2.8 / Impact: 5.9

Source: NVD

Description

In wlan AP driver, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote (proximal/adjacent) code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00400889; Issue ID: MSV-2491.

Affected (1)

Products: Mediatek: Software Development Kit

1 product

Software Development Kit

Configuration A

1 vulnerable · 4 platform

Vulnerable Software	Affected Versions
Mediatek Software Development Kit	Up to 7.4.0.1

Running on/with	Platform Versions
Mediatek Mt7603	All versions
Mediatek Mt7615	All versions
Mediatek Mt7622	All versions
Mediatek Mt7915	All versions

Related CWEs

Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

References (1)

https://corp.mediatek.com/product-security-bulletin/February-2025

Source: security@mediatek.com

Vendor Advisory

Timeline

No history available yet.