Remote Denial of Service Vulnerability in MediaTek Modem Products
CVE-2025-20758

4.9 MEDIUM

What is CVE-2025-20758?

MediaTek modems contain a vulnerability that could allow a remote denial of service. The issue arises from an uncaught exception that can trigger a system crash when a user equipment (UE) connects to a rogue base station controlled by an attacker. Exploitation does not require any additional execution privileges or user interaction, making it a significant risk for affected systems. Users are urged to apply the security patch MOLY01673755 to mitigate this vulnerability.

Affected Version(s)

MT2735, MT2737, MT6813, MT6833, MT6833P, MT6835, MT6835T, MT6853, MT6853T, MT6855, MT6855T, MT6873, MT6875, MT6875T, MT6877, MT6877T, MT6877TT, MT6878, MT6878M, MT6879, MT6880, MT6883, MT6885, MT6886, MT6889, MT6890, MT6891, MT6893, MT6895, MT6895TT, MT6896, MT6897, MT6899, MT6980, MT6980D, MT6983, MT6983T, MT6985, MT6985T, MT6989, MT6989T, MT6990, MT6991, MT8673, MT8675, MT8676, MT8678, MT8755, MT8771, MT8791, MT8791T, MT8792, MT8793, MT8795T, MT8797, MT8798, MT8863, MT8873, MT8883, MT8893

Modem NR15, NR16, NR17, NR17R

CVSS V3.1

Score: 4.9
Severity: MEDIUM
Confidentiality: None
Integrity: None
Availability: None
Attack Vector: Network
Attack Complexity: Low
Privileges Required: High
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
