Permission Bypass Vulnerability in MediaTek Modem
CVE-2025-20670

5.7 MEDIUM

What is CVE-2025-20670?

A vulnerability in MediaTek's modem could allow an attacker to bypass permissions because certificates are improperly validated. If a user connects to a malicious base station, their information could be exposed without their consent. Exploitation requires user interaction, so vigilance is needed when connecting to public networks. Update your device to the latest patch to mitigate this risk.

Affected Version(s)

MT2737, MT6813, MT6835, MT6835T, MT6878, MT6878M, MT6879, MT6886, MT6895, MT6895TT, MT6896, MT6897, MT6899, MT6980, MT6980D, MT6983, MT6983T, MT6985, MT6985T, MT6989, MT6989T, MT6990, MT6991, MT8666, MT8667, MT8673, MT8675, MT8676, MT8678, MT8765, MT8766, MT8768, MT8771, MT8781, MT8786, MT8788, MT8788E, MT8789, MT8791, MT8791T, MT8795T, MT8797, MT8798

Modem NR16, NR17, NR17R

CVSS V3.1

Score: 5.7
Severity: MEDIUM
Confidentiality: High
Integrity: None
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: Required
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
