Remote Denial of Service Vulnerability in Mediatek IMS Service
CVE-2025-20678
Key Information:
- Vendor
MediaTek
- Vendor
- CVE Published:
- 2 June 2025
What is CVE-2025-20678?
The Mediatek IMS service has a vulnerability that could lead to a denial of service due to improper error handling. An attacker can exploit this flaw by connecting a User Equipment (UE) to a rogue base station, compromising the service without requiring any additional execution privileges or user interaction. This vulnerability poses a significant risk as it allows for a potential system crash, impacting the availability of the service.
Affected Version(s)
MT6739, MT6761, MT6762, MT6762D, MT6762M, MT6763, MT6765, MT6765T, MT6767, MT6768, MT6769, MT6769K, MT6769S, MT6769T, MT6769Z, MT6771, MT6779, MT6781, MT6783, MT6785, MT6785T, MT6785U, MT6789, MT6813, MT6833, MT6833P, MT6835, MT6835T, MT6853, MT6853T, MT6855, MT6855T, MT6873, MT6875, MT6875T, MT6877, MT6877T, MT6877TT, MT6878, MT6878M, MT6879, MT6880, MT6883, MT6885, MT6886, MT6889, MT6890, MT6891, MT6893, MT6895, MT6895TT, MT6896, MT6897, MT6899, MT6980, MT6983, MT6983T, MT6985, MT6985T, MT6989, MT6989T, MT6990, MT6991, MT8666, MT8667, MT8673, MT8675, MT8676, MT8678, MT8765, MT8766, MT8766R, MT8768, MT8771, MT8781, MT8786, MT8788, MT8788E, MT8789, MT8791, MT8791T, MT8795T, MT8797, MT8798, MT8863, MT8873, MT8883, MT8893 Modem LR12A, LR13, NR15, NR16, NR17, NR17R