CVE-2025-20753 Overview
CVE-2025-20753 is a remote denial of service vulnerability affecting the modem component in numerous MediaTek chipsets. The vulnerability exists due to an uncaught exception in the modem firmware that can be triggered when a User Equipment (UE) device connects to a rogue base station controlled by an attacker. This flaw allows remote attackers to cause a system crash without requiring any user interaction or additional execution privileges.
The vulnerability carries a CVSS 3.1 score of 5.3 (Medium severity) with the vector string CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H, indicating a network-based attack vector with high attack complexity but significant availability impact. The EPSS (Exploit Prediction Scoring System) probability is 0.214%, placing it in the 44th percentile for likelihood of exploitation.
Critical Impact
Remote attackers can cause complete system crashes on affected mobile devices by luring them to connect to malicious base stations, resulting in denial of service without any user interaction required.
Affected Products
- MediaTek NR15 and NR16 (5G NR modem platforms)
- MediaTek MT2735 and MT2737 (5G modem chipsets)
- MediaTek Dimensity series: MT6833, MT6833P, MT6853, MT6853T, MT6855, MT6855T, MT6873, MT6875, MT6875T, MT6877, MT6877T, MT6877TT, MT6879, MT6880, MT6883, MT6885, MT6886, MT6889, MT6890, MT6891, MT6893, MT6895, MT6895TT, MT6896, MT6980, MT6980D, MT6983, MT6983T, MT6985, MT6985T, MT6989, MT6989T, MT6990
- MediaTek Tablet/IoT chipsets: MT8675, MT8771, MT8791, MT8791T, MT8797
Discovery Timeline
- December 2, 2025 - CVE-2025-20753 published to NVD
- December 4, 2025 - Last updated in NVD database
Technical Details for CVE-2025-20753
Vulnerability Analysis
This vulnerability is classified under CWE-248 (Uncaught Exception), indicating that the modem firmware fails to properly handle certain exception conditions during cellular network operations. The modem component, a critical piece of firmware responsible for managing all cellular communications on the device, contains an error handling deficiency that allows unhandled exceptions to propagate and crash the entire system.
The vulnerability affects a wide range of MediaTek chipsets spanning multiple product generations, from mid-range to flagship mobile processors. The extensive list of affected hardware includes popular Dimensity series SoCs found in numerous Android smartphones and tablets worldwide.
Root Cause
The root cause of CVE-2025-20753 lies in improper exception handling within the modem firmware's signal processing routines. When the modem receives and processes signaling data from a base station, certain malformed or unexpected protocol messages can trigger exception conditions that are not caught by the firmware's error handling mechanisms.
The firmware lacks adequate exception handlers for specific edge cases in the cellular protocol stack, allowing these unhandled exceptions to terminate the modem process or trigger a broader system crash. This represents a failure to implement defensive programming practices in critical telecommunications firmware.
Attack Vector
The attack requires the adversary to operate a rogue base station (also known as an IMSI catcher or fake cell tower) that the target device connects to. The attack flow is as follows:
- The attacker deploys a rogue base station in proximity to the target device
- The rogue base station broadcasts a stronger signal or uses other techniques to force the target UE to connect
- Once connected, the malicious base station sends specially crafted signaling messages to the device's modem
- The malformed messages trigger an uncaught exception in the modem firmware
- The exception causes a system crash, resulting in denial of service
This attack requires no user interaction and no additional privileges beyond the ability to establish a cellular connection. However, the attack complexity is rated as High due to the specialized equipment and proximity requirements for deploying a rogue base station.
Detection Methods for CVE-2025-20753
Indicators of Compromise
- Unexpected device reboots or crashes, particularly in areas where the cellular signal behavior appears anomalous
- Modem-related crash logs in system diagnostics showing unhandled exception errors
- Device repeatedly disconnecting from cellular networks and experiencing system instability
- Kernel panic or watchdog reset events originating from modem firmware components
Detection Strategies
Detection of active exploitation is challenging due to the nature of the vulnerability occurring at the modem firmware level. Organizations should focus on the following approaches:
Device Monitoring: Implement centralized logging and monitoring for managed mobile devices to detect patterns of unexpected crashes or reboots that may indicate exploitation attempts.
Cellular Network Monitoring: For enterprise environments, consider deploying cellular intrusion detection systems capable of identifying rogue base stations operating in the vicinity of corporate facilities.
Crash Analysis: Analyze device crash reports and system logs for modem-related exceptions. MediaTek devices typically generate diagnostic information that can help identify if the crash originated from the modem subsystem.
Monitoring Recommendations
Organizations managing fleets of devices with affected MediaTek chipsets should:
- Enable comprehensive device telemetry and crash reporting
- Monitor for unusual patterns of cellular connectivity issues across multiple devices
- Implement geofencing and location-based alerting for devices experiencing crashes in specific areas
- Review mobile device management (MDM) logs for abnormal reboot patterns
- Consider RF spectrum monitoring in high-security environments to detect unauthorized base stations
How to Mitigate CVE-2025-20753
Immediate Actions Required
- Apply MediaTek's security patch MOLY01689252 when available through your device manufacturer's firmware update
- Monitor MediaTek's December 2025 Product Security Bulletin for official remediation guidance
- Prioritize firmware updates for devices used in sensitive operations or environments
- Consider enabling airplane mode in high-risk areas where rogue base station attacks are suspected
- Implement device management policies to ensure timely security updates across your device fleet
Patch Information
MediaTek has addressed this vulnerability with Patch ID MOLY01689252 (Issue ID: MSV-4841). The official security advisory is available at MediaTek Product Security Bulletin - December 2025.
Device manufacturers (OEMs) using affected MediaTek chipsets will need to integrate this patch into their firmware updates. End users should watch for security updates from their device manufacturers (Samsung, Xiaomi, OPPO, Vivo, OnePlus, etc.) that incorporate the MediaTek modem firmware fix.
Workarounds
Due to the nature of this vulnerability affecting low-level modem firmware, complete mitigation without patching is not possible. However, the following measures can reduce risk:
Reduce Exposure: In high-security scenarios, use devices with patched firmware or consider temporarily disabling cellular connectivity when operating in potentially hostile RF environments.
Network Policy: Enterprise environments can implement policies requiring devices to only connect to known, trusted cellular networks where possible, though this provides limited protection against sophisticated rogue base station attacks.
Device Selection: For new deployments, verify that devices have firmware incorporating the security patch before procurement.
User Awareness: Educate users about the risks of operating in areas with potentially compromised cellular infrastructure, particularly in regions with known surveillance concerns.
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.
