Out of Bounds Write Vulnerability in MediaTek IMS Service
CVE-2025-20725

Currently unrated

Key Information:

Vendor: MediaTek
Status: Mt2735, Mt2737, Mt6739, Mt6761, Mt6762, Mt6762d, Mt6762m, Mt6763, Mt6765, Mt6765t, Mt6767, Mt6768, Mt6769, Mt6769k, Mt6769s, Mt6769t, Mt6769z, Mt6771, Mt6833, Mt6833p, Mt6853, Mt6853t, Mt6855, Mt6855t, Mt6873, Mt6875, Mt6875t, Mt6877, Mt6877t, Mt6877tt, Mt6879, Mt6880, Mt6883, Mt6885, Mt6886, Mt6889, Mt6890, Mt6891, Mt6893, Mt6895, Mt6895tt, Mt6896, Mt6980, Mt6980d, Mt6983, Mt6983t, Mt6985, Mt6985t, Mt6989, Mt6989t, Mt6990, Mt8666, Mt8667, Mt8673, Mt8675, Mt8765, Mt8766, Mt8766r, Mt8768, Mt8771, Mt8786, Mt8788, Mt8788e, Mt8791, Mt8791t, Mt8795t, Mt8797, Mt8798, Mt8893
Vendor: CVE Published:; 4 November 2025

What is CVE-2025-20725?

In MediaTek's ims service, a vulnerability exists due to a missing bounds check, allowing an attacker to exploit the issue through a rogue base station. This vulnerability enables remote escalation of privilege without requiring user interaction. It poses a significant risk as attackers can potentially gain control without needing additional execution privileges, making it crucial for users to apply the latest patches.

Affected Version(s)

MT2735, MT2737, MT6739, MT6761, MT6762, MT6762D, MT6762M, MT6763, MT6765, MT6765T, MT6767, MT6768, MT6769, MT6769K, MT6769S, MT6769T, MT6769Z, MT6771, MT6833, MT6833P, MT6853, MT6853T, MT6855, MT6855T, MT6873, MT6875, MT6875T, MT6877, MT6877T, MT6877TT, MT6879, MT6880, MT6883, MT6885, MT6886, MT6889, MT6890, MT6891, MT6893, MT6895, MT6895TT, MT6896, MT6980, MT6980D, MT6983, MT6983T, MT6985, MT6985T, MT6989, MT6989T, MT6990, MT8666, MT8667, MT8673, MT8675, MT8765, MT8766, MT8766R, MT8768, MT8771, MT8786, MT8788, MT8788E, MT8791, MT8791T, MT8795T, MT8797, MT8798, MT8893 Modem LR12A, NR15, NR16

References

https://corp.mediatek.com/product-security-bulletin/Novem...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 4, 2025
Vulnerability Reserved
Nov 1, 2024

JSON