CVE-2025-20752
BaseFortify
Publication date: 2025-12-02
Last updated on: 2026-02-17
Assigner: MediaTek, Inc.
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| mediatek | nr15 | * |
| mediatek | nr16 | * |
| mediatek | nr17 | * |
| mediatek | nr17r | * |
| mediatek | mt2735 | * |
| mediatek | mt2737 | * |
| mediatek | mt6813 | * |
| mediatek | mt6833 | * |
| mediatek | mt6833p | * |
| mediatek | mt6835 | * |
| mediatek | mt6835t | * |
| mediatek | mt6853 | * |
| mediatek | mt6853t | * |
| mediatek | mt6855 | * |
| mediatek | mt6855t | * |
| mediatek | mt6873 | * |
| mediatek | mt6875 | * |
| mediatek | mt6875t | * |
| mediatek | mt6877 | * |
| mediatek | mt6877t | * |
| mediatek | mt6877tt | * |
| mediatek | mt6878 | * |
| mediatek | mt6878m | * |
| mediatek | mt6879 | * |
| mediatek | mt6880 | * |
| mediatek | mt6883 | * |
| mediatek | mt6885 | * |
| mediatek | mt6886 | * |
| mediatek | mt6889 | * |
| mediatek | mt6890 | * |
| mediatek | mt6891 | * |
| mediatek | mt6893 | * |
| mediatek | mt6895 | * |
| mediatek | mt6895tt | * |
| mediatek | mt6896 | * |
| mediatek | mt6897 | * |
| mediatek | mt6899 | * |
| mediatek | mt6980 | * |
| mediatek | mt6980d | * |
| mediatek | mt6983 | * |
| mediatek | mt6983t | * |
| mediatek | mt6985 | * |
| mediatek | mt6985t | * |
| mediatek | mt6989 | * |
| mediatek | mt6989t | * |
| mediatek | mt6990 | * |
| mediatek | mt6991 | * |
| mediatek | mt8676 | * |
| mediatek | mt8791t | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-617 | The product contains an assert() or similar statement that can be triggered by an attacker, which leads to an application exit or other behavior that is more severe than necessary. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a missing bounds check in the modem software that can cause a system crash. It can be exploited remotely if a user equipment (UE) connects to a rogue base station controlled by an attacker. No user interaction or additional execution privileges are required to trigger the issue.
How can this vulnerability impact me? :
The vulnerability can lead to a remote denial of service (DoS) condition, causing the affected system to crash when connected to a malicious base station. This can disrupt normal device operation and availability.
What immediate steps should I take to mitigate this vulnerability?
Apply the patch identified as MOLY01270690 to fix the vulnerability and prevent potential system crashes caused by rogue base stations.