MediaTek has released a critical security update addressing multiple vulnerabilities in its chipsets, with one critical flaw that could potentially allow attackers to execute malicious code remotely on affected devices without user interaction.
The bulletin, published today, highlights significant security risks affecting a wide array of devices, including smartphones, tablets, IoT devices, smart displays, and various multimedia equipment.
Critical Vulnerability Details
This security update centers on CVE-2025-20654, a critical vulnerability in the WLAN service component of multiple MediaTek chipsets.
.png
)
This flaw stems from an out-of-bounds write vulnerability caused by an incorrect bounds check, classified under CWE-787 (Out-of-bounds Write).
The vulnerability enables remote code execution without requiring additional execution privileges or user interaction.
The vulnerability affects several widely-deployed chipsets, including MT6890, MT7622, MT7915, MT7916, MT7981, and MT7986.
Application Security is no longer just a defensive play, Time to Secure -> Free Webinar
Affected software versions encompass SDK version 7.4.0.1 for MT7622 and MT7915 chipsets, SDK version 7.6.7.0 for MT7916, MT7981, and MT7986 chipsets, as well as OpenWrt versions 19.07 and 21.02 for the MT6890 chipset.
Additional Security Concerns
The security bulletin also addresses several high-severity vulnerabilities, including CVE-2025-20655, CVE-2025-20656, CVE-2025-20657, and CVE-2025-20658.
These vulnerabilities could potentially lead to remote code execution, local privilege escalation, or denial of service in various components of affected devices.
Additionally, six medium-severity flaws (CVE-2025-20659 through CVE-2025-20664) have been identified and patched.
To assist developers in verifying the successful application of security patches, MediaTek has provided a sample Python code snippet:
This verification tool can be integrated into continuous integration pipelines to streamline the process of ensuring devices remain secure against emerging threats.
Manufacturers using affected MediaTek chipsets are strongly advised to review the complete Product Security Bulletin and implement the recommended patches immediately.
End-users should ensure their devices are running the latest firmware versions by checking for and installing available updates.
This security update exemplifies MediaTek’s ongoing commitment to maintaining the integrity and security of its technology ecosystem, protecting millions of devices and their users worldwide from potential exploitation.
Investigate Real-World Malicious Links & Phishing Attacks With Threat Intelligence Lookup - Try 50 Request for Free
.png?w=324&resize=324,235&ssl=1 "Hackers Exploiting Windows .RDP Files For Rogue Remote Desktop Connections")