Uninitialized Heap Data Exposure in MediaTek Modem Affects Remote Connectivity
CVE-2025-20760
Key Information:
- Vendor: MediaTek
- CVE Published: 6 January 2026
What is CVE-2025-20760?
In MediaTek's modem, uninitialized heap data could potentially be read due to an unhandled exception. This could lead to a remote denial of service if a user equipment (UE) connects to a malicious base station. Exploitation requires no additional execution privileges and no user interaction, which makes it a hidden and serious risk. Remediation is available via Patch ID: MOLY01676750.
Affected Version(s)
MT2735, MT2737, MT6833, MT6835, MT6853, MT6855, MT6873, MT6875, MT6877, MT6878, MT6879, MT6880, MT6883, MT6885, MT6886, MT6889, MT6890, MT6891, MT6893, MT6895, MT6896, MT6897, MT6899, MT6980, MT6983, MT6985, MT6986, MT6989, MT6990, MT6991, MT6993, MT8673, MT8675, MT8676, MT8678, MT8755, MT8771, MT8791, MT8791T, MT8792, MT8793, MT8795T, MT8797, MT8798, MT8863, MT8873, MT8883, MT8893
Modem NR15, NR16, NR17
