CVE-2025-20740 — Time-of-check Time-of-use (TOCTOU) Race Condition in Software Development KIT

CWE-367 — Time-of-check Time-of-use (TOCTOU) Race Condition3 documents3 sources

Severity

4.7MEDIUMNVD

EPSS

0.0%

top 98.96%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mediatek Software Development KIT

Timeline

PublishedNov 4

Description

In wlan STA driver, there is a possible out of bounds read due to a race condition. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00435337; Issue ID: MSV-4036.

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 1.0 | Impact: 3.6

Affected Packages1 packages

▶NVDmediatek/software_development_kit3.7

🔴Vulnerability Details

GHSA

GHSA-g76h-fppr-42rm: In wlan STA driver, there is a possible out of bounds read due to a race condition↗2025-11-04

▶

CVEList

CVE-2025-20740: In wlan STA driver, there is a possible out of bounds read due to a race condition↗2025-11-04

▶