Out-of-Bounds Write Vulnerability in MediaTek Modem
CVE-2025-20634

9.8CRITICAL

Key Information:

Vendor: MediaTek
Status: Mt2737, Mt6813, Mt6835, Mt6835t, Mt6878, Mt6878m, Mt6879, Mt6886, Mt6895, Mt6895tt, Mt6896, Mt6897, Mt6899, Mt6980, Mt6980d, Mt6983, Mt6983t, Mt6985, Mt6985t, Mt6989, Mt6989t, Mt6990, Mt6991, Mt8673, Mt8676, Mt8678, Mt8795t, Mt8798, Mt8863
Vendor: CVE Published:; 3 February 2025

Summary

A vulnerability in MediaTek's modem allows for an out-of-bounds write due to a missing bounds check. This issue can be exploited when a user equipment (UE) connects to a malicious base station controlled by an attacker, enabling unauthorized remote code execution without requiring any user interaction. To mitigate the risk, it is essential to update to the latest version as specified in patch ID MOLY01289384.

Affected Version(s)

MT2737, MT6813, MT6835, MT6835T, MT6878, MT6878M, MT6879, MT6886, MT6895, MT6895TT, MT6896, MT6897, MT6899, MT6980, MT6980D, MT6983, MT6983T, MT6985, MT6985T, MT6989, MT6989T, MT6990, MT6991, MT8673, MT8676, MT8678, MT8795T, MT8798, MT8863 Modem NR16, NR17, NR17R

References

https://corp.mediatek.com/product-security-bulletin/Febru...

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Feb 3, 2025
Vulnerability Reserved
Nov 1, 2024