CVE-2025-20674

In wlan AP driver, there is a possible way to inject arbitrary packet due to a missing permission check. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00413202; Issue ID: MSV-3303.

Published: Jun 2, 2025
Updated: Jun 3, 2025
CVE: CVE-2025-20674
Exploit:

No technical information available.

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
openwrt / openwrt	19.07.0	19.07.0.x
openwrt / openwrt	21.02.0	21.02.0.x
openwrt / openwrt	23.05	23.05.x
mediatek / software_development_kit	-	7.6.7.2.x

https://corp.mediatek.com/product-security-bulletin/June-2025

Vulnerability Database

CVE-2025-20674