CVE-2025-20756
BaseFortify
Publication date: 2025-12-02
Last updated on: 2026-02-17
Assigner: MediaTek, Inc.
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| mediatek | nr15 | * |
| mediatek | mt2735 | * |
| mediatek | mt6833 | * |
| mediatek | mt6833p | * |
| mediatek | mt6853 | * |
| mediatek | mt6853t | * |
| mediatek | mt6855 | * |
| mediatek | mt6855t | * |
| mediatek | mt6873 | * |
| mediatek | mt6875 | * |
| mediatek | mt6875t | * |
| mediatek | mt6877 | * |
| mediatek | mt6877t | * |
| mediatek | mt6877tt | * |
| mediatek | mt6880 | * |
| mediatek | mt6883 | * |
| mediatek | mt6885 | * |
| mediatek | mt6889 | * |
| mediatek | mt6890 | * |
| mediatek | mt6891 | * |
| mediatek | mt6893 | * |
| mediatek | mt8673 | * |
| mediatek | mt8675 | * |
| mediatek | mt8676 | * |
| mediatek | mt8678 | * |
| mediatek | mt8755 | * |
| mediatek | mt8771 | * |
| mediatek | mt8791 | * |
| mediatek | mt8791t | * |
| mediatek | mt8792 | * |
| mediatek | mt8793 | * |
| mediatek | mt8795t | * |
| mediatek | mt8797 | * |
| mediatek | mt8798 | * |
| mediatek | mt8863 | * |
| mediatek | mt8873 | * |
| mediatek | mt8883 | * |
| mediatek | mt8893 | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-1287 | The product receives input that is expected to be of a certain type, but it does not validate or incorrectly validates that the input is actually of the expected type. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a logic error in the modem that can cause a system crash. It can be exploited remotely if a user equipment (UE) connects to a rogue base station controlled by an attacker. No additional execution privileges or user interaction are required for exploitation.
How can this vulnerability impact me? :
The vulnerability can lead to a remote denial of service (DoS) condition, causing the affected system to crash when connected to a malicious base station. This can disrupt normal device operation and connectivity.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, apply the patch identified as MOLY01673749 provided by the vendor. Additionally, avoid connecting to untrusted or rogue base stations to prevent exploitation. No user interaction is needed for exploitation, so network monitoring for rogue base stations may also help reduce risk.