CVE-2025-20726
Unknown
Unknown - Not Provided
BaseFortify
Publication date: 2025-11-04
Last updated on: 2025-11-05
Assigner: MediaTek, Inc.
Description
Description
In Modem, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote escalation of privilege, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01672598; Issue ID: MSV-4622.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| mediatek | lr12a | * |
| mediatek | nr15 | * |
| mediatek | nr16 | * |
| mediatek | nr17 | * |
| mediatek | nr17r | * |
| mediatek | mt2735 | * |
| mediatek | mt2737 | * |
| mediatek | mt6739 | * |
| mediatek | mt6761 | * |
| mediatek | mt6762 | * |
| mediatek | mt6762d | * |
| mediatek | mt6762m | * |
| mediatek | mt6763 | * |
| mediatek | mt6765 | * |
| mediatek | mt6765t | * |
| mediatek | mt6767 | * |
| mediatek | mt6768 | * |
| mediatek | mt6769 | * |
| mediatek | mt6769k | * |
| mediatek | mt6769s | * |
| mediatek | mt6769t | * |
| mediatek | mt6769z | * |
| mediatek | mt6771 | * |
| mediatek | mt6813 | * |
| mediatek | mt6833 | * |
| mediatek | mt6833p | * |
| mediatek | mt6835 | * |
| mediatek | mt6835t | * |
| mediatek | mt6853 | * |
| mediatek | mt6853t | * |
| mediatek | mt6855 | * |
| mediatek | mt6855t | * |
| mediatek | mt6873 | * |
| mediatek | mt6875 | * |
| mediatek | mt6875t | * |
| mediatek | mt6877 | * |
| mediatek | mt6877t | * |
| mediatek | mt6877tt | * |
| mediatek | mt6878 | * |
| mediatek | mt6878m | * |
| mediatek | mt6879 | * |
| mediatek | mt6880 | * |
| mediatek | mt6883 | * |
| mediatek | mt6885 | * |
| mediatek | mt6886 | * |
| mediatek | mt6889 | * |
| mediatek | mt6890 | * |
| mediatek | mt6891 | * |
| mediatek | mt6893 | * |
| mediatek | mt6895 | * |
| mediatek | mt6895tt | * |
| mediatek | mt6896 | * |
| mediatek | mt6897 | * |
| mediatek | mt6899 | * |
| mediatek | mt6980 | * |
| mediatek | mt6980d | * |
| mediatek | mt6983 | * |
| mediatek | mt6983t | * |
| mediatek | mt6985 | * |
| mediatek | mt6985t | * |
| mediatek | mt6989 | * |
| mediatek | mt6989t | * |
| mediatek | mt6990 | * |
| mediatek | mt6991 | * |
| mediatek | mt8666 | * |
| mediatek | mt8667 | * |
| mediatek | mt8673 | * |
| mediatek | mt8675 | * |
| mediatek | mt8676 | * |
| mediatek | mt8678 | * |
| mediatek | mt8765 | * |
| mediatek | mt8766 | * |
| mediatek | mt8766r | * |
| mediatek | mt8768 | * |
| mediatek | mt8771 | * |
| mediatek | mt8786 | * |
| mediatek | mt8788 | * |
| mediatek | mt8788e | * |
| mediatek | mt8791 | * |
| mediatek | mt8791t | * |
| mediatek | mt8792 | * |
| mediatek | mt8793 | * |
| mediatek | mt8795t | * |
| mediatek | mt8797 | * |
| mediatek | mt8798 | * |
| mediatek | mt8863 | * |
| mediatek | mt8873 | * |
| mediatek | mt8883 | * |
| mediatek | mt8893 | * |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-122 | A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc(). |
| CWE-787 | The product writes data past the end, or before the beginning, of the intended buffer. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is an out of bounds write in the modem caused by an incorrect bounds check. It allows an attacker controlling a rogue base station to remotely escalate privileges on the device without needing any additional execution privileges or user interaction.
How can this vulnerability impact me? :
The vulnerability can lead to remote escalation of privilege on the affected device if it connects to a rogue base station controlled by an attacker. This means the attacker could gain higher-level access and potentially control or manipulate the device remotely.
Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70