CVE-2025-20727

Unknown Unknown - Not Provided

BaseFortify

Publication date: 2025-11-04

Last updated on: 2026-02-04

Assigner: MediaTek, Inc.

Description

In Modem, there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote escalation of privilege, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01672601; Issue ID: MSV-4623.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published

2025-11-04

Last Modified

2026-02-04

Generated

2026-05-09

AI Q&A

2025-11-04

EPSS Evaluated

2026-05-07

NVD

CVE-2025-20727

Affected Vendors & Products

Vendor	Product	Version / Range
mediatek	lr12a	*
mediatek	nr15	*
mediatek	nr16	*
mediatek	nr17	*
mediatek	nr17r	*
mediatek	mt2735	*
mediatek	mt2737	*
mediatek	mt6739	*
mediatek	mt6761	*
mediatek	mt6762	*
mediatek	mt6762d	*
mediatek	mt6762m	*
mediatek	mt6763	*
mediatek	mt6765	*
mediatek	mt6765t	*
mediatek	mt6767	*
mediatek	mt6768	*
mediatek	mt6769	*
mediatek	mt6769k	*
mediatek	mt6769s	*
mediatek	mt6769t	*
mediatek	mt6769z	*
mediatek	mt6771	*
mediatek	mt6813	*
mediatek	mt6833	*
mediatek	mt6833p	*
mediatek	mt6835	*
mediatek	mt6835t	*
mediatek	mt6853	*
mediatek	mt6853t	*
mediatek	mt6855	*
mediatek	mt6855t	*
mediatek	mt6873	*
mediatek	mt6875	*
mediatek	mt6875t	*
mediatek	mt6877	*
mediatek	mt6877t	*
mediatek	mt6877tt	*
mediatek	mt6878	*
mediatek	mt6878m	*
mediatek	mt6879	*
mediatek	mt6880	*
mediatek	mt6883	*
mediatek	mt6885	*
mediatek	mt6886	*
mediatek	mt6889	*
mediatek	mt6890	*
mediatek	mt6891	*
mediatek	mt6893	*
mediatek	mt6895	*
mediatek	mt6895tt	*
mediatek	mt6896	*
mediatek	mt6897	*
mediatek	mt6899	*
mediatek	mt6980	*
mediatek	mt6980d	*
mediatek	mt6983	*
mediatek	mt6983t	*
mediatek	mt6985	*
mediatek	mt6985t	*
mediatek	mt6989	*
mediatek	mt6989t	*
mediatek	mt6990	*
mediatek	mt6991	*
mediatek	mt8666	*
mediatek	mt8667	*
mediatek	mt8673	*
mediatek	mt8675	*
mediatek	mt8676	*
mediatek	mt8678	*
mediatek	mt8765	*
mediatek	mt8766	*
mediatek	mt8766r	*
mediatek	mt8768	*
mediatek	mt8771	*
mediatek	mt8786	*
mediatek	mt8788	*
mediatek	mt8788e	*
mediatek	mt8791	*
mediatek	mt8791t	*
mediatek	mt8792	*
mediatek	mt8793	*
mediatek	mt8795t	*
mediatek	mt8797	*
mediatek	mt8798	*
mediatek	mt8863	*
mediatek	mt8873	*
mediatek	mt8883	*
mediatek	mt8893	*

Helpful Resources

Exploitability

CWE

KEV

CWE ID	Description
CWE-787	The product writes data past the end, or before the beginning, of the intended buffer.

Attack-Flow Graph

AI Powered Q&A

Can you explain this vulnerability to me?

This vulnerability is a heap buffer overflow in the modem component that can cause an out of bounds write. It can be exploited remotely if a user equipment (UE) connects to a rogue base station controlled by an attacker. No user interaction or additional execution privileges are required for exploitation.

How can this vulnerability impact me? :

The vulnerability can lead to remote escalation of privilege, allowing an attacker controlling a rogue base station to gain higher privileges on the affected device without needing user interaction or additional execution privileges.

What immediate steps should I take to mitigate this vulnerability?

Apply the patch identified as MOLY01672601 provided by the vendor to fix the out of bounds write vulnerability in the modem. Avoid connecting to untrusted or rogue base stations to reduce the risk of exploitation.

Ask Our AI Assistant

Need more information? Ask your question to get an AI reply (Powered by our expertise)

0/70

CVE-2025-20727

BaseFortify

Description

CVSS Scores

EPSS Scores

Meta Information

Affected Vendors & Products

Helpful Resources

Exploitability

Attack-Flow Graph

AI Powered Q&A

Ask Our AI Assistant

EPSS Chart