Overview
CVE-2025-20790 describes a vulnerability in the modem component that could lead to a system crash and subsequent remote denial of service (DoS). This vulnerability stems from improper input validation within the modem’s firmware. An attacker could exploit this vulnerability by controlling a rogue base station and forcing a vulnerable device to connect to it. Upon connection and receiving malicious data, the modem would crash, resulting in a DoS condition.
Technical Details
The vulnerability resides in the modem component. Specifically, the improper input validation allows a specially crafted input to trigger a system crash. An attacker needs to set up a rogue base station and lure a vulnerable device to connect to it. Once connected, the rogue base station sends the malicious input. The Issue ID associated with this vulnerability is MSV-4701, and the provided Patch ID is MOLY01677581, indicating the fix implemented to address this issue.
The exploitation of CVE-2025-20790 doesn’t require any user interaction or elevated privileges on the target device. This makes it a highly concerning vulnerability, as devices are vulnerable as soon as they connect to the compromised base station.
Vulnerability Details:
- CVE ID: CVE-2025-20790
- Description: In Modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation.
- Patch ID: MOLY01677581
- Issue ID: MSV-4701
- Published: 2025-12-02T03:16:19.907
CVSS Analysis
The CVSS score and severity for CVE-2025-20790 are currently listed as N/A. However, given the potential for remote denial of service without user interaction or special privileges, it’s likely that a CVSS score will be assigned that indicates a high severity. Awaiting official CVSS score to be released.
Possible Impact
The primary impact of CVE-2025-20790 is a denial of service (DoS) condition. A successful attack could render a device temporarily or permanently unusable, disrupting communication and potentially impacting safety or critical infrastructure. Furthermore, continuous DoS attacks could lead to battery drain and frustration for users.
Mitigation and Patch Steps
The primary mitigation for CVE-2025-20790 is to apply the security patch provided by the device manufacturer. The Patch ID for this vulnerability is MOLY01677581. Users should check for updates from their device manufacturers and install them as soon as they are available.
Recommended steps:
- Check for and install the latest firmware updates from your device manufacturer.
- Be cautious when connecting to untrusted or unknown Wi-Fi networks or cellular base stations.
- Monitor device performance for unusual behavior, such as frequent crashes or reboots.
