Summary: MediaTek has issued its February 2025 Product Security Bulletin, highlighting critical vulnerabilities in chipsets used in various devices. The bulletin emphasizes that particular weaknesses in the WLAN AP driver could allow remote code execution. Users are strongly encouraged to apply software updates to mitigate these vulnerabilities.

Affected: MediaTek chipsets (e.g., MT7603, MT7615, MT7622, MT7915)

Keypoints :

• Critical vulnerabilities may lead to remote code execution, elevation of privilege, and denial of service attacks.
• Three major vulnerabilities (CVE-2025-20633, CVE-2025-20632, CVE-2025-20631) found in the WLAN AP driver can be exploited without additional privileges.
• High-severity out-of-bounds write vulnerabilities in the modem and drivers could also facilitate remote code execution or local privilege escalation.
• MediaTek is collaborating with OEMs to provide patches and recommends users to check for updates promptly.