CVE-2025-20791

MEDIUM EPSS 12.2%
Published Dec 2, 20256mo ago · Modified Jun 17, 20261w ago
6.5 CVSS 3.1
Medium
Find Similar
Published Dec 2, 2025 6mo ago
Last Modified Jun 17, 2026 1w ago

Description

In Modem, there is a possible system crash due to incorrect error handling. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01661189; Issue ID: MSV-4298.

CVSS Details

Base Score
6.5
Exploitability
2.8
Impact
3.6
Vector string
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Attack Vector Adjacent
Attack Complexity Low
Privileges Required None
User Interaction None
Scope Unchanged
Confidentiality None
Integrity None
Availability High

Threat Intelligence

EPSS Exploit Probability
12.2% percentile
Exploit & Patch Status
No Known Exploit
No Patch Available

Weaknesses 1

CWE-617

Affected Products 26

VendorProductVersionRange
mediateknr15*any
mediatekmt2735*any
mediatekmt6833*any
mediatekmt6833p*any
mediatekmt6853*any
mediatekmt6853t*any
mediatekmt6855*any
mediatekmt6855t*any
mediatekmt6873*any
mediatekmt6875*any
mediatekmt6875t*any
mediatekmt6877*any
mediatekmt6877t*any
mediatekmt6877tt*any
mediatekmt6880*any
mediatekmt6883*any
mediatekmt6885*any
mediatekmt6889*any
mediatekmt6890*any
mediatekmt6891*any
mediatekmt6893*any
mediatekmt8675*any
mediatekmt8771*any
mediatekmt8791*any
mediatekmt8791t*any
mediatekmt8797*any

References 1

  • corp.mediatek.com https://corp.mediatek.com/product-security-bulletin/December-2025
    Vendor Advisory

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.