Remote Denial of Service Vulnerability in MediaTek Modem Products
CVE-2025-20647
Key Information:
- Vendor
- MediaTek
- Vendor
- CVE Published:
- 3 March 2025
Summary
A vulnerability exists in MediaTek Modem that can lead to a potential system crash due to inadequate bounds checking. This flaw can be exploited remotely when a User Equipment (UE) connects to a malicious base station managed by an attacker. Exploitation does not require any additional execution privileges or user interaction, making this a significant concern for users of the affected MediaTek Modem firmware. It is critical to apply the necessary patches, MOLY00791311 or MOLY01067019, to safeguard against this issue.
Affected Version(s)
MT2735, MT2737, MT6739, MT6761, MT6762, MT6762D, MT6762M, MT6763, MT6765, MT6765T, MT6767, MT6768, MT6769, MT6769K, MT6769S, MT6769T, MT6769Z, MT6771, MT6779, MT6781, MT6783, MT6785, MT6785T, MT6785U, MT6789, MT6833, MT6833P, MT6853, MT6853T, MT6855, MT6855T, MT6873, MT6875, MT6875T, MT6877, MT6877T, MT6877TT, MT6879, MT6880, MT6883, MT6885, MT6886, MT6889, MT6890, MT6891, MT6893, MT6895, MT6895TT, MT6896, MT6980, MT6980D, MT6983, MT6983T, MT6985, MT6985T, MT6989, MT6989T, MT6990, MT8666, MT8667, MT8675, MT8765, MT8766, MT8768, MT8781, MT8786, MT8788, MT8789, MT8791, MT8791T, MT8795T, MT8797, MT8798 Modem NR12A, NR13, NR15, NR16
References
CVSS V3.1
Timeline
Vulnerability published
Vulnerability Reserved