Uninitialized Heap Data Exposure in MediaTek Modem Affects Remote Connectivity
CVE-2025-20760
Key Information:
- Vendor: MediaTek
- CVE Published: 6 January 2026
What is CVE-2025-20760?
In MediaTek's modem, a vulnerability exists where uninitialized heap data could potentially be read due to an unhandled exception. This opens a pathway for remote denial-of-service attacks, particularly if a user equipment (UE) connects to a malicious base station. The attack requires no additional execution privileges and no user interaction, which makes it a hidden and serious risk. Remediation is available via Patch ID: MOLY01676750.

Affected Version(s)
MT2735, MT2737, MT6833, MT6835, MT6853, MT6855, MT6873, MT6875, MT6877, MT6878, MT6879, MT6880, MT6883, MT6885, MT6886, MT6889, MT6890, MT6891, MT6893, MT6895, MT6896, MT6897, MT6899, MT6980, MT6983, MT6985, MT6986, MT6989, MT6990, MT6991, MT6993, MT8673, MT8675, MT8676, MT8678, MT8755, MT8771, MT8791, MT8791T, MT8792, MT8793, MT8795T, MT8797, MT8798, MT8863, MT8873, MT8883, MT8893 Modem NR15, NR16, NR17
