CVE-2025-20759
BaseFortify

Publication date: 2025-12-02

Last updated on: 2025-12-03

Assigner: MediaTek, Inc.

Description
In Modem, there is a possible out of bounds read due to a missing bounds check. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01673760; Issue ID: MSV-4650.
Meta Information
Published: 2025-12-02
Last Modified: 2025-12-03
Generated: 2026-06-16
AI Q&A: 2025-12-02
EPSS Evaluated: 2026-06-15
Affected Vendors & Products
Showing 46 associated CPEs
Vendor Product Version / Range
mediatek nr15 *
mediatek nr16 *
mediatek mt2735 *
mediatek mt2737 *
mediatek mt6833 *
mediatek mt6833p *
mediatek mt6853 *
mediatek mt6853t *
mediatek mt6855 *
mediatek mt6855t *
mediatek mt6873 *
mediatek mt6875 *
mediatek mt6875t *
mediatek mt6877 *
mediatek mt6877t *
mediatek mt6877tt *
mediatek mt6879 *
mediatek mt6880 *
mediatek mt6883 *
mediatek mt6885 *
mediatek mt6886 *
mediatek mt6889 *
mediatek mt6890 *
mediatek mt6891 *
mediatek mt6893 *
mediatek mt6895 *
mediatek mt6895tt *
mediatek mt6896 *
mediatek mt6980 *
mediatek mt6980d *
mediatek mt6983 *
mediatek mt6983t *
mediatek mt6985 *
mediatek mt6985t *
mediatek mt6989 *
mediatek mt6989t *
mediatek mt6990 *
mediatek mt8673 *
mediatek mt8675 *
mediatek mt8771 *
mediatek mt8791 *
mediatek mt8791t *
mediatek mt8795t *
mediatek mt8797 *
mediatek mt8798 *
mediatek mt8893 *
CWE ID Description
CWE-125 The product reads data past the end, or before the beginning, of the intended buffer.
Executive Summary

This vulnerability is an out of bounds read in the Modem caused by a missing bounds check. It can be triggered when a User Equipment (UE) connects to a rogue base station controlled by an attacker, potentially leading to a remote denial of service without requiring any user interaction or additional execution privileges.

Impact Analysis

The vulnerability can lead to a remote denial of service condition on the affected device if it connects to a malicious base station controlled by an attacker. This could disrupt normal device operation and connectivity.
