CVE-2025-20673

Published: Jun 2, 2025Modified: Jul 2, 2025

5.5

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Exploitability: 1.8 / Impact: 3.6

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)

Description

In wlan STA driver, there is a possible system crash due to an uncaught exception. This could lead to local denial of service with User execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00413200; Issue ID: MSV-3304.

Affected (5)

Products: Mediatek: Mt7902 Firmware, Mt7921 Firmware, Mt7922 Firmware, Mt7925 Firmware, Mt7927 Firmware

5 products

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Mediatek Mt7902 Firmware	Up to 3.6

Running on/with	Platform Versions
Mediatek Mt7902	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Mediatek Mt7921 Firmware	Up to 3.6

Running on/with	Platform Versions
Mediatek Mt7921	All versions

Configuration C

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Mediatek Mt7922 Firmware	Up to 3.6

Running on/with	Platform Versions
Mediatek Mt7922	All versions

Configuration D

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Mediatek Mt7925 Firmware	Up to 3.6

Running on/with	Platform Versions
Mediatek Mt7925	All versions

Configuration E

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Mediatek Mt7927 Firmware	Up to 3.6

Running on/with	Platform Versions
Mediatek Mt7927	All versions

Related CWEs

CWE-476

NULL Pointer Dereference

The product dereferences a pointer that it expects to be valid but is NULL.

References (1)

https://corp.mediatek.com/product-security-bulletin/June-2025

Source: security@mediatek.com

Vendor Advisory

Timeline

No history available yet.