Overview
CVE-2025-20759 is an out-of-bounds read vulnerability in MediaTek modem firmware that could be exploited to trigger a remote denial-of-service (DoS) condition. The vulnerability stems from a missing bounds check within the modem's processing logic. If a user equipment (UE), such as a mobile phone, connects to a rogue base station controlled by an attacker, the attacker can potentially exploit this vulnerability without needing any user interaction or additional execution privileges on the device. MediaTek has released a patch to address this issue.
Technical Details
The root cause of CVE-2025-20759 is a missing bounds check in the modem software. Specifically, the software reads data from a memory buffer based on an index provided by external input (received through the base station connection). Without proper validation, a malicious or compromised base station can provide an index that points outside the allocated memory region. This leads to an out-of-bounds read, potentially causing the modem to crash or enter an unstable state, resulting in a denial-of-service condition. The reported Issue ID is MSV-4650.
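The missing check described above, as an added C example that is not MediaTek's code and not part of the original advisory: the message layout (a type byte followed by an index byte), `cfg_table`, and the function names are hypothetical. It shows the unchecked lookup beside a version that validates the message length and the index before reading.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define CFG_TABLE_LEN 8u

/* Hypothetical lookup table; values are constructed sample data. */
static const uint16_t cfg_table[CFG_TABLE_LEN] = {10, 20, 30, 40, 50, 60, 70, 80};

enum { LOOKUP_OK = 0, LOOKUP_MALFORMED = -1, LOOKUP_BAD_INDEX = -2 };

/* Pattern described in the advisory: the index is taken straight from the
 * received message and used without validation. */
uint16_t lookup_unchecked(const uint8_t *msg)
{
    uint8_t idx = msg[1];      /* externally supplied, range 0..255 */
    return cfg_table[idx];     /* reads past the table when idx >= 8 */
}

/* Hardened form: check the message length, then the index, before the
 * table is touched. Malformed input is rejected instead of processed. */
int lookup_checked(const uint8_t *msg, size_t msg_len, uint16_t *out)
{
    if (msg == NULL || out == NULL || msg_len < 2)
        return LOOKUP_MALFORMED;

    uint8_t idx = msg[1];
    if (idx >= CFG_TABLE_LEN)
        return LOOKUP_BAD_INDEX;

    *out = cfg_table[idx];
    return LOOKUP_OK;
}

int main(void)
{
    /* Constructed messages: an in-range index, then an out-of-range one. */
    const uint8_t good[] = {0x01, 0x03};
    const uint8_t bad[]  = {0x01, 0xC8};
    uint16_t v = 0;

    int rc = lookup_checked(good, sizeof good, &v);
    printf("good: rc=%d value=%u\n", rc, (unsigned)v);
    printf("bad:  rc=%d\n", lookup_checked(bad, sizeof bad, &v));
    return 0;
}
```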
CVSS Analysis
The CVSS score for CVE-2025-20759 is currently listed as N/A, indicating that a formal CVSS score has not yet been assigned. However, given the potential for remote denial of service without user interaction, a high severity score is likely once the vulnerability is assessed. The exploitability metric is also likely to be high, because the vulnerability can be triggered remotely and requires no user interaction.
Possible Impact
The exploitation of CVE-2025-20759 can lead to a remote denial-of-service (DoS) condition. This means that an attacker could potentially disrupt the cellular connectivity of vulnerable devices. The attacker requires control of a rogue base station. A successful exploit could lead to temporary loss of network connectivity, preventing users from making calls, sending messages, or accessing mobile data.
Mitigation and Patch Steps
The recommended mitigation is to apply the security patch provided by MediaTek. The Patch ID for addressing this vulnerability is MOLY01673760. Contact your device manufacturer to inquire about the availability of the patch for your specific device model. Applying the patch adds the missing bounds check, preventing the out-of-bounds read condition. Users should ensure they install all available software updates from their device manufacturers or carriers.
