Security Concerns Rise with MediaTek February 2025 WLAN Vulnerabilities

A new security bulletin has been released by MediaTek for February 2025, which reveals several critical vulnerabilities, which may affect its chipsets used in smartphones, tablets, as well as numerous other devices.

There are security issues identified in the bulletin that may allow remote code execution, privilege escalation, and denial of service attacks to be performed on the system.

Among the most significant vulnerability issues (CVE-2025-20633, CVE-2025-20632, CVE-2025-20631) that have been identified in the driver for WLAN access points are three.

If this component doesn’t perform proper bounds check, a remote attacker could exploit this vulnerability to execute arbitrary code without the need for elevated privileges or the need to interact with the user. 

There is a vulnerability on some chipsets, including the MT7603, MT7615, MT7622, and MT7915, that are running SDK version 7.4.0.1 or earlier.

Several MediaTek chipsets contain WLAN Access Points (APs) with a variety of security vulnerabilities, including those designated with the CVE identifier CVE-2025-20631, CVE-2025-20632, and CVE-2025-20633. 

These vulnerabilities are enabled by multiple defects in the WLAN Access Points (APs) drivers.

This vulnerability is categorized as an out-of-bounds write vulnerability, which is referred to in CWE-787. It results from flawed bounds checking in the WLA

[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.