Cyber Resilience

CVE-2025-20646

Critical

Published: 03 March 2025

Modified: 22 April 2025
CVSS Score v3.1: 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0211 (84.5th percentile)
Risk Priority: 21 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2025-20646 is a critical-severity Out-of-bounds Write (CWE-787) vulnerability in the MediaTek Software Development Kit. Its CVSS base score is 9.8 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068). The CVE ranks in the top 15.5% of CVEs by exploit likelihood and is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).

Deeper analysis

CVE-2025-20646 is an out-of-bounds write vulnerability in MediaTek wlan AP firmware stemming from improper input validation and tracked under CWE-787. The flaw resides in the access-point firmware component and carries a CVSS 3.1 base score of 9.8, reflecting network-accessible attack vectors that require no authentication or user interaction.

An unauthenticated remote attacker can send specially crafted network frames to trigger the write, resulting in privilege escalation on the affected device without any additional execution rights. The vulnerability description explicitly states that user interaction is not required for exploitation.

The sole referenced advisory is MediaTek’s March 2025 product-security bulletin, which assigns Patch ID WCNCR00389074 and Issue ID MSV-1803 for remediation. The associated EPSS score remains flat at 0.0211 with no material increase after disclosure.

Vulnerability details

In wlan AP FW, there is a possible out of bounds write due to improper input validation. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00389074; Issue ID: MSV-1803.

Related Threats

MITRE ATT&CK Enterprise Techniques (AI)

T1068 Exploitation for Privilege Escalation (tactic: Privilege Escalation)
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.

T1190 Exploit Public-Facing Application (tactic: Initial Access)
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Why these techniques?

Out-of-bounds write in network-accessible WLAN AP firmware directly enables remote unauthenticated privilege escalation (T1068) via public-facing application exploitation (T1190).

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2025-20631 (same product: Mediatek Mt7915)
CVE-2025-20632 (same product: Mediatek Mt7915)
CVE-2026-20430 (same product: Mediatek Mt6890)
CVE-2026-20408 (same product: Mediatek Mt6890)
CVE-2025-20708 (same product: Mediatek Mt6890)
CVE-2025-20727 (same product: Mediatek Mt6890)
CVE-2026-20434 (same product: Mediatek Mt6890)
CVE-2026-20432 (same product: Mediatek Mt6890)
CVE-2026-20433 (same product: Mediatek Mt6890)
CVE-2026-20407 (same vendor: Mediatek)

Affected Assets

mediatek software development kit, versions ≤ 7.6.7.2

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) (AI)

Prevent: Directly requires validation of all inputs to prevent out-of-bounds writes due to improper input validation as in this CVE.

Prevent: Mandates timely flaw remediation, including applying the vendor patch WCNCR00389074 to eliminate the vulnerability.

Prevent: Implements memory protections that block exploitation of out-of-bounds writes for remote privilege escalation.
