Remote Denial of Service in Mediatek Modem due to Bounds Check Flaw
CVE-2025-20754

5.3MEDIUM

Key Information:

Vendor

MediaTek
Status
Mt2735, Mt2737, Mt6813, Mt6833, Mt6833p, Mt6835, Mt6835t, Mt6853, Mt6853t, Mt6855, Mt6855t, Mt6873, Mt6875, Mt6875t, Mt6877, Mt6877t, Mt6877tt, Mt6878, Mt6878m, Mt6879, Mt6880, Mt6883, Mt6885, Mt6886, Mt6889, Mt6890, Mt6891, Mt6893, Mt6895, Mt6895tt, Mt6896, Mt6897, Mt6899, Mt6980, Mt6980d, Mt6983, Mt6983t, Mt6985, Mt6985t, Mt6989, Mt6989t, Mt6990, Mt6991, Mt8673, Mt8675, Mt8676, Mt8678, Mt8755, Mt8771, Mt8791, Mt8791t, Mt8792, Mt8793, Mt8795t, Mt8797, Mt8798, Mt8863, Mt8873, Mt8883, Mt8893
Vendor
CVE Published:
2 December 2025

What is CVE-2025-20754?

In Mediatek Modem, a vulnerability exists due to an improper bounds check, which may lead to a system crash. This condition can be exploited if a user equipment (UE) connects to a rogue base station controlled by an attacker. Notably, this vulnerability does not require any additional execution privileges or user interaction to be exploited, making it a significant risk for device users.

Affected Version(s)

MT2735, MT2737, MT6813, MT6833, MT6833P, MT6835, MT6835T, MT6853, MT6853T, MT6855, MT6855T, MT6873, MT6875, MT6875T, MT6877, MT6877T, MT6877TT, MT6878, MT6878M, MT6879, MT6880, MT6883, MT6885, MT6886, MT6889, MT6890, MT6891, MT6893, MT6895, MT6895TT, MT6896, MT6897, MT6899, MT6980, MT6980D, MT6983, MT6983T, MT6985, MT6985T, MT6989, MT6989T, MT6990, MT6991, MT8673, MT8675, MT8676, MT8678, MT8755, MT8771, MT8791, MT8791T, MT8792, MT8793, MT8795T, MT8797, MT8798, MT8863, MT8873, MT8883, MT8893 Modem NR15, NR16, NR17, NR17R

References

https://corp.mediatek.com/product-security-bulletin/Decem...

CVSS V3.1

Score:
5.3
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.