Out of Bounds Write Vulnerability in MediaTek IMS Service
CVE-2025-20725
Key Information:
- Vendor
MediaTek
- Vendor
- CVE Published:
- 4 November 2025
What is CVE-2025-20725?
In MediaTek's ims service, a vulnerability exists due to a missing bounds check, allowing an attacker to exploit the issue through a rogue base station. This vulnerability enables remote escalation of privilege without requiring user interaction. It poses a significant risk as attackers can potentially gain control without needing additional execution privileges, making it crucial for users to apply the latest patches.
Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.
Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.
Affected Version(s)
MT2735, MT2737, MT6739, MT6761, MT6762, MT6762D, MT6762M, MT6763, MT6765, MT6765T, MT6767, MT6768, MT6769, MT6769K, MT6769S, MT6769T, MT6769Z, MT6771, MT6833, MT6833P, MT6853, MT6853T, MT6855, MT6855T, MT6873, MT6875, MT6875T, MT6877, MT6877T, MT6877TT, MT6879, MT6880, MT6883, MT6885, MT6886, MT6889, MT6890, MT6891, MT6893, MT6895, MT6895TT, MT6896, MT6980, MT6980D, MT6983, MT6983T, MT6985, MT6985T, MT6989, MT6989T, MT6990, MT8666, MT8667, MT8673, MT8675, MT8765, MT8766, MT8766R, MT8768, MT8771, MT8786, MT8788, MT8788E, MT8791, MT8791T, MT8795T, MT8797, MT8798, MT8893 Modem LR12A, NR15, NR16
References
CVSS V3.1
Timeline
Vulnerability published
Vulnerability Reserved