Out of Bounds Read in Modem Affects MediaTek Products
CVE-2025-20759

6.5MEDIUM

Key Information:

Vendor

MediaTek
Status
Mt2735, Mt2737, Mt6833, Mt6833p, Mt6853, Mt6853t, Mt6855, Mt6855t, Mt6873, Mt6875, Mt6875t, Mt6877, Mt6877t, Mt6877tt, Mt6879, Mt6880, Mt6883, Mt6885, Mt6886, Mt6889, Mt6890, Mt6891, Mt6893, Mt6895, Mt6895tt, Mt6896, Mt6980, Mt6980d, Mt6983, Mt6983t, Mt6985, Mt6985t, Mt6989, Mt6989t, Mt6990, Mt8673, Mt8675, Mt8771, Mt8791, Mt8791t, Mt8795t, Mt8797, Mt8798, Mt8893
Vendor
CVE Published:
2 December 2025

What is CVE-2025-20759?

In MediaTek's modem, a vulnerability exists due to a missing bounds check, potentially leading to an out-of-bounds read. This flaw allows attackers to create a situation where a user equipment (UE) connecting to a maliciously controlled base station can experience a denial of service. Notably, this exploitation does not require user interaction or additional execution privileges, highlighting its ease of exploitation and risk. A patch has been issued to address this issue.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

MT2735, MT2737, MT6833, MT6833P, MT6853, MT6853T, MT6855, MT6855T, MT6873, MT6875, MT6875T, MT6877, MT6877T, MT6877TT, MT6879, MT6880, MT6883, MT6885, MT6886, MT6889, MT6890, MT6891, MT6893, MT6895, MT6895TT, MT6896, MT6980, MT6980D, MT6983, MT6983T, MT6985, MT6985T, MT6989, MT6989T, MT6990, MT8673, MT8675, MT8771, MT8791, MT8791T, MT8795T, MT8797, MT8798, MT8893 Modem NR15, NR16

References

https://corp.mediatek.com/product-security-bulletin/Decem...

CVSS V3.1

Score:
6.5
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.