CVE-2025-20664
HIGHDescription
In wlan AP driver, there is a possible information disclosure due to an uncaught exception. This could lead to remote (proximal/adjacent) information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00406217; Issue ID: MSV-2773.
Is your site exposed to CVE-2025-20664?
Run a free security scan — no signup, results in seconds.
CVSS v3.1 Score
Weakness Type (CWE)
Affected Products
| Vendor | Product |
|---|---|
| mediatek | software_development_kit |
| mediatek | mt7915 |
| mediatek | software_development_kit |
| mediatek | mt7916 |
| mediatek | mt7981 |
| mediatek | mt7986 |
| mediatek | software_development_kit |
| mediatek | mt7990 |
| mediatek | mt7992 |
References
Advisories & Patches
Frequently Asked Questions
What is CVE-2025-20664? +
How severe is CVE-2025-20664? +
What products are affected by CVE-2025-20664? +
How do I check if I'm vulnerable to CVE-2025-20664? +
Related Vulnerabilities
go-ethereum (geth) is a golang execution layer implementation of the Ethereum protocol. A vulnerable node can be forced to shutdown/crash …
tRPC allows users to build & consume fully typesafe APIs without schemas or code generation. In versions starting from 11.0.0 …
Multer is a node.js middleware for handling `multipart/form-data`. A vulnerability that is present starting in version 1.4.4-lts.1 and prior to …
The MCP Python SDK, called `mcp` on PyPI, is a Python implementation of the Model Context Protocol (MCP). Prior to …
The MCP Python SDK, called `mcp` on PyPI, is a Python implementation of the Model Context Protocol (MCP). Prior to …
@builder.io/qwik-city is the meta-framework for Qwik. When a Qwik Server Action QRL is executed it dynamically load the file containing …