Information Disclosure Vulnerability in Mediatek Modem Products
CVE-2025-20667
Key Information:
- Vendor
MediaTek
- Vendor
- CVE Published:
- 5 May 2025
What is CVE-2025-20667?
A vulnerability in Mediatek Modem allows attackers to obtain sensitive information due to improper error handling. When a User Equipment (UE) connects to a malicious base station operated by an attacker, this vulnerability could be exploited without requiring any user interaction or elevated execution privileges. This poses a significant risk as unauthorized information disclosure can occur, highlighting the importance of addressing this issue through timely updates and patches.
Affected Version(s)
MT2735, MT2737, MT6739, MT6761, MT6762, MT6762D, MT6762M, MT6763, MT6765, MT6765T, MT6767, MT6768, MT6769, MT6769K, MT6769S, MT6769T, MT6769Z, MT6771, MT6779, MT6781, MT6783, MT6785, MT6785T, MT6785U, MT6789, MT6813, MT6833, MT6833P, MT6835, MT6835T, MT6853, MT6853T, MT6855, MT6855T, MT6873, MT6875, MT6875T, MT6877, MT6877T, MT6877TT, MT6878, MT6878M, MT6879, MT6880, MT6883, MT6885, MT6886, MT6889, MT6890, MT6891, MT6893, MT6895, MT6895TT, MT6896, MT6897, MT6899, MT6980, MT6980D, MT6983, MT6983T, MT6985, MT6985T, MT6989, MT6989T, MT6990, MT6991, MT8666, MT8667, MT8675, MT8676, MT8765, MT8766, MT8768, MT8771, MT8781, MT8786, MT8788, MT8788E, MT8789, MT8791, MT8791T, MT8797 Modem LR12A, LR13, NR15, NR16, NR17, NR17R
References
CVSS V3.1
Timeline
Vulnerability published
Vulnerability Reserved