Vulnerability Details CVE-2025-20674
In wlan AP driver, there is a possible way to inject arbitrary packet due to a missing permission check. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00413202; Issue ID: MSV-3303.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 37.3%
CVSS Severity
CVSS v3 Score 9.8
Products affected by CVE-2025-20674
-
cpe:2.3:a:mediatek:software_development_kit:2.4
-
cpe:2.3:a:mediatek:software_development_kit:2.5
-
cpe:2.3:a:mediatek:software_development_kit:3.3
-
cpe:2.3:a:mediatek:software_development_kit:3.5
-
cpe:2.3:a:mediatek:software_development_kit:3.6
-
cpe:2.3:a:mediatek:software_development_kit:5.0.5.0
-
cpe:2.3:a:mediatek:software_development_kit:5.1.0.0
-
cpe:2.3:a:mediatek:software_development_kit:7.4.0.1
-
cpe:2.3:a:mediatek:software_development_kit:7.6.7.0
-
cpe:2.3:a:mediatek:software_development_kit:7.6.7.2
-
cpe:2.3:h:mediatek:mt6890:-
-
cpe:2.3:h:mediatek:mt6990:-
-
cpe:2.3:h:mediatek:mt7915:-
-
cpe:2.3:h:mediatek:mt7916:-
-
cpe:2.3:h:mediatek:mt7981:-
-
cpe:2.3:h:mediatek:mt7986:-
-
cpe:2.3:h:mediatek:mt7990:-
-
cpe:2.3:h:mediatek:mt7992:-
-
cpe:2.3:h:mediatek:mt7993:-
-
cpe:2.3:o:openwrt:openwrt:19.07.0
-
cpe:2.3:o:openwrt:openwrt:21.02.0
-
cpe:2.3:o:openwrt:openwrt:23.05