Vulnerability Description
In wlan STA driver, there is a possible out of bounds read due to an incorrect bounds check. This could lead to remote (proximal/adjacent) information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS09812521; Issue ID: MSV-3421.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Linuxfoundation | Yocto | 4.0 |
| Mediatek | Software Development Kit | <= 3.7 |
| Google | Android | 13.0 |
| Openwrt | Openwrt | 21.02.0 |
| Mediatek | Mt2737 | - |
| Mediatek | Mt6835 | - |
| Mediatek | Mt6878 | - |
| Mediatek | Mt6886 | - |
| Mediatek | Mt6897 | - |
| Mediatek | Mt6899 | - |
| Mediatek | Mt6985 | - |
| Mediatek | Mt6989 | - |
| Mediatek | Mt6990 | - |
| Mediatek | Mt6991 | - |
| Mediatek | Mt7902 | - |
| Mediatek | Mt7920 | - |
| Mediatek | Mt7921 | - |
| Mediatek | Mt7922 | - |
| Mediatek | Mt7923 | - |
| Mediatek | Mt7925 | - |
Related Weaknesses (CWE)
References
FAQ
What is CVE-2025-20693?
CVE-2025-20693 is a vulnerability with a CVSS score of 6.5 (MEDIUM). In wlan STA driver, there is a possible out of bounds read due to an incorrect bounds check. This could lead to remote (proximal/adjacent) information disclosure with no additional execution privilege...
How severe is CVE-2025-20693?
CVE-2025-20693 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2025-20693?
Check the references section above for vendor advisories and patch information. Affected products include: Linuxfoundation Yocto, Mediatek Software Development Kit, Google Android, Openwrt Openwrt, Mediatek Mt2737.