Out of Bounds Write Vulnerability in MediaTek IMS Service
CVE-2025-20725
Key Information:
- Vendor
MediaTek
- Vendor
- CVE Published:
- 4 November 2025
What is CVE-2025-20725?
In MediaTek's ims service, a vulnerability exists due to a missing bounds check, allowing an attacker to exploit the issue through a rogue base station. This vulnerability enables remote escalation of privilege without requiring user interaction. It poses a significant risk as attackers can potentially gain control without needing additional execution privileges, making it crucial for users to apply the latest patches.
Affected Version(s)
MT2735, MT2737, MT6739, MT6761, MT6762, MT6762D, MT6762M, MT6763, MT6765, MT6765T, MT6767, MT6768, MT6769, MT6769K, MT6769S, MT6769T, MT6769Z, MT6771, MT6833, MT6833P, MT6853, MT6853T, MT6855, MT6855T, MT6873, MT6875, MT6875T, MT6877, MT6877T, MT6877TT, MT6879, MT6880, MT6883, MT6885, MT6886, MT6889, MT6890, MT6891, MT6893, MT6895, MT6895TT, MT6896, MT6980, MT6980D, MT6983, MT6983T, MT6985, MT6985T, MT6989, MT6989T, MT6990, MT8666, MT8667, MT8673, MT8675, MT8765, MT8766, MT8766R, MT8768, MT8771, MT8786, MT8788, MT8788E, MT8791, MT8791T, MT8795T, MT8797, MT8798, MT8893 Modem LR12A, NR15, NR16