CVE-2025-20757 Overview
CVE-2025-20757 is a medium-severity improper input validation vulnerability affecting MediaTek modem firmware across multiple chipset families. The vulnerability exists in the modem component and could allow a remote attacker to cause a system crash (denial of service) when a user equipment (UE) device connects to a rogue base station controlled by the attacker.
This vulnerability is classified as CWE-617 (Reachable Assertion), indicating that the modem firmware contains an assertion that can be triggered by malformed input, leading to an immediate system crash. The attack requires no additional execution privileges and does not require any user interaction, making it a significant concern for mobile device security.
Critical Impact
A remote denial-of-service attack is possible when a device connects to a malicious base station, causing a complete system crash without user interaction.
Affected Products
- MediaTek NR15 (5G Modem Software)
- MediaTek MT2735 (5G Modem)
- MediaTek MT6833/MT6833P (Dimensity 700 Series)
- MediaTek MT6853/MT6853T (Dimensity 720 Series)
- MediaTek MT6855/MT6855T (Dimensity 930)
- MediaTek MT6873 (Dimensity 800 Series)
- MediaTek MT6875/MT6875T (Dimensity 820)
- MediaTek MT6877/MT6877T/MT6877TT (Dimensity 900 Series)
- MediaTek MT6880/MT6883/MT6885 (Dimensity 1000 Series)
- MediaTek MT6889/MT6890/MT6891/MT6893 (Dimensity 1200 Series)
- MediaTek MT8675/MT8771/MT8791/MT8791T/MT8797 (Tablet/IoT Chipsets)
Discovery Timeline
- December 2, 2025 - CVE-2025-20757 published to NVD
- December 3, 2025 - Last updated in NVD database
Technical Details for CVE-2025-20757
Vulnerability Analysis
The vulnerability resides in the modem firmware component of affected MediaTek chipsets. According to the CVSS:3.1 vector (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H), this vulnerability has the following characteristics:
| Metric | Value |
|---|---|
| Attack Vector | Network |
| Attack Complexity | High |
| Privileges Required | Low |
| User Interaction | None |
| Scope | Unchanged |
| Confidentiality Impact | None |
| Integrity Impact | None |
| Availability Impact | High |
| CVSS Score | 5.3 (Medium) |
| EPSS Score | 0.189% (40.99th percentile) |
The vulnerability is tracked internally by MediaTek as Patch ID: MOLY01673751 and Issue ID: MSV-4644.
Root Cause
The root cause of CVE-2025-20757 is improper input validation in the modem firmware that leads to a reachable assertion (CWE-617). When the modem processes certain malformed or unexpected data from a cellular base station, it fails to properly validate the input before processing, so an assertion is triggered and the system crashes immediately.
The modem component lacks sufficient bounds checking and input sanitization for network signaling messages received from base stations. This allows specially crafted messages to trigger assertion failures in the modem firmware, causing the entire device to crash.
Attack Vector
The attack scenario involves an attacker operating a rogue cellular base station (also known as a fake base station, IMSI catcher, or stingray device). When a vulnerable device connects to this malicious base station—either automatically due to signal strength or through forced downgrade attacks—the attacker can send specially crafted signaling messages to the device's modem.
The attack does not require any privileges on the target device or user interaction. The victim's device simply needs to be within range of the rogue base station and connect to it. Once connected, the attacker can trigger the vulnerability remotely, causing the device to crash and potentially rendering it unusable until restarted.
This type of attack is particularly concerning in high-density areas where rogue base stations can be deployed to affect multiple devices simultaneously.
Detection Methods for CVE-2025-20757
Indicators of Compromise
- Unexpected device reboots or crashes, particularly in areas with unusual cellular network behavior
- Modem crash logs indicating assertion failures in the baseband processor
- Connection attempts to unknown or suspicious cell tower identifiers (CGI)
- Abnormal cellular network registration patterns or frequent cell reselection events
- Kernel panic logs referencing modem/baseband subsystem failures
Detection Strategies
Network-Level Detection:
Organizations can implement cellular network monitoring solutions that detect rogue base stations in their vicinity. This includes monitoring for:
- Base stations with unusual parameters (MCC/MNC combinations, cell IDs)
- Sudden signal strength changes that could indicate a nearby rogue station
- Forced network downgrade attempts from 5G/LTE to older protocols
Device-Level Detection:
- Monitor Android system logs for modem subsystem crashes using logcat
- Implement Mobile Device Management (MDM) solutions that can track device stability metrics
- Deploy endpoint detection solutions capable of monitoring baseband/modem behavior
SentinelOne Singularity Mobile provides comprehensive mobile threat defense capabilities that can detect and alert on anomalous device behavior, including unexpected crashes and potential rogue base station attacks.
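Putting the device-level items together, here is an added Python example (written for this page; it is not from the advisory, SentinelOne or MediaTek) that scans `logcat -v threadtime` output for baseband assertion or kernel-panic messages and correlates each one with the most recent cell change, flagging changes to a PLMN (MCC+MNC) outside an allowlist. The log tags, message texts, the `plmn=`/`cid=` fields in the sample and the carrier allowlist are all constructed; real vendor radio logs use different wording, so the two regular expressions are the part to tune to your fleet.

```python
import re
from collections import Counter
from dataclasses import dataclass
from datetime import datetime, timedelta

# Modem/baseband failure indicators (assertion failures, panics naming the
# baseband). Keyword set is an assumption: vendor log text differs.
MODEM_CRASH_RE = re.compile(
    r"(?:modem|baseband)\b.*\b(?:assert|exception|crash|fatal)"
    r"|kernel panic.*(?:modem|baseband)",
    re.IGNORECASE,
)
# Cell (re)selection/registration event carrying PLMN and cell id.
# The field names are a constructed shape for this example.
CELL_EVENT_RE = re.compile(
    r"cell (?:reselection|registration).*?plmn=(?P<plmn>\d{5,6}).*?cid=(?P<cid>0x[0-9a-f]+)",
    re.IGNORECASE,
)
# logcat -v threadtime: "MM-DD HH:MM:SS.mmm PID TID LEVEL TAG: message"
LOGCAT_RE = re.compile(
    r"^(?P<ts>\d{2}-\d{2} \d{2}:\d{2}:\d{2}\.\d{3})\s+\d+\s+\d+\s+[VDIWEF]\s+"
    r"(?P<tag>\S+)\s*:\s*(?P<msg>.*)$"
)


@dataclass
class Finding:
    time: datetime
    kind: str    # unknown_plmn | modem_crash | crash_after_cell_change
    detail: str


def parse_line(line: str):
    m = LOGCAT_RE.match(line)
    if not m:
        return None
    # logcat omits the year; strptime defaults it to 1900, which is fine for deltas.
    ts = datetime.strptime(m["ts"], "%m-%d %H:%M:%S.%f")
    return ts, m["tag"], m["msg"]


def analyze(log_text: str, known_plmns: set, window: timedelta = timedelta(seconds=30)) -> list:
    """Flag modem crashes and tie each to a cell change seen within `window` before it."""
    findings = []
    last_cell = None  # (time, plmn, cid) of the most recent cell event
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if parsed is None:
            continue
        ts, tag, msg = parsed
        cell = CELL_EVENT_RE.search(msg)
        if cell:
            last_cell = (ts, cell["plmn"], cell["cid"])
            if cell["plmn"] not in known_plmns:
                findings.append(Finding(ts, "unknown_plmn",
                                        f"plmn={cell['plmn']} cid={cell['cid']} tag={tag}"))
            continue
        if MODEM_CRASH_RE.search(msg):
            findings.append(Finding(ts, "modem_crash", f"{tag}: {msg}"))
            if last_cell and timedelta(0) <= ts - last_cell[0] <= window:
                cell_ts, plmn, cid = last_cell
                gap = (ts - cell_ts).total_seconds()
                findings.append(Finding(ts, "crash_after_cell_change",
                                        f"crash {gap:.1f}s after attach to plmn={plmn} cid={cid}"))
    return findings


def summarize(findings) -> dict:
    """Count findings per kind, e.g. for a fleet dashboard."""
    return dict(Counter(f.kind for f in findings))


# Constructed sample: a normal attach, then an attach to a test-network PLMN
# (001/01) followed seconds later by a modem assertion and a panic.
KNOWN_PLMNS = {"310260"}  # example allowlist of the carriers the fleet should see
SAMPLE_LOG = """\
12-03 10:15:01.120  1001  1001 I RIL     : cell reselection plmn=310260 cid=0x1a2b3c rsrp=-87
12-03 10:15:05.300  1001  1001 I RIL     : data call setup complete
12-03 10:41:52.010  1001  1001 I RIL     : cell reselection plmn=001010 cid=0xdeadbe rsrp=-61
12-03 10:41:58.447   412   412 E MDCTRL  : modem exception: assert failed in signaling handler
12-03 10:41:58.900     0     0 E kernel  : kernel panic - baseband subsystem failure, rebooting
"""

if __name__ == "__main__":
    for f in analyze(SAMPLE_LOG, KNOWN_PLMNS):
        print(f"{f.time:%m-%d %H:%M:%S} {f.kind:<24} {f.detail}")
    print(summarize(analyze(SAMPLE_LOG, KNOWN_PLMNS)))
```

A lone modem crash is weak evidence (firmware bugs crash basebands without any attacker); the signal worth escalating is the combined pattern, a crash shortly after the device attached to a cell or PLMN it should not see, which is what the `crash_after_cell_change` finding captures.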
Monitoring Recommendations
- Enable Enhanced Cellular Logging: Configure devices to maintain detailed cellular connection logs for forensic analysis
- Deploy Network Monitoring: Use RF monitoring tools in sensitive facilities to detect unauthorized base stations
- Implement Crash Reporting: Ensure device crash reports are collected and analyzed for patterns indicating exploitation attempts
- Monitor Firmware Versions: Track modem firmware versions across your device fleet to identify vulnerable systems
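For the firmware-version tracking item, the following added Python example (written for this page; not MediaTek's, an OEM's or an MDM vendor's code) triages a device inventory: it maps each reported platform string to its base MediaTek part number, checks it against the chipset list in this advisory, and flags affected devices whose Android security patch level is older than a baseline or is not reported at all. The inventory records are constructed, the `ro.board.platform`-style field is an assumed collection source, and the baseline date is a placeholder you must replace with the patch level your OEM states contains MOLY01673751.

```python
import re
from dataclasses import dataclass
from datetime import date
from typing import Optional

# Chipsets the advisory lists as affected. Suffix variants (MT6833P, MT6877TT, ...)
# are collapsed to the four-digit base part number before lookup.
AFFECTED_BASE_PARTS = {
    "MT2735", "MT6833", "MT6853", "MT6855", "MT6873", "MT6875", "MT6877",
    "MT6880", "MT6883", "MT6885", "MT6889", "MT6890", "MT6891", "MT6893",
    "MT8675", "MT8771", "MT8791", "MT8797",
}
PART_RE = re.compile(r"\b(MT\d{4})[A-Z]*\b", re.IGNORECASE)

# ASSUMED placeholder: replace with the security patch level the OEM states
# carries MediaTek patch MOLY01673751 for your device models.
BASELINE_PATCH_LEVEL = date(2025, 12, 1)


@dataclass
class Device:
    device_id: str
    platform: str        # e.g. ro.board.platform as reported by the MDM agent (assumed source)
    security_patch: str  # e.g. ro.build.version.security_patch, "YYYY-MM-DD"


def base_part(platform: str) -> Optional[str]:
    """'mt6877tt' -> 'MT6877'; None if no MediaTek part number is present."""
    m = PART_RE.search(platform)
    return m.group(1).upper() if m else None


def is_affected_chipset(platform: str) -> bool:
    return base_part(platform) in AFFECTED_BASE_PARTS


def exposure_reason(dev: Device, baseline: date = BASELINE_PATCH_LEVEL) -> Optional[str]:
    """Why the device is still exposed, or None if unaffected or already at/after baseline."""
    part = base_part(dev.platform)
    if part not in AFFECTED_BASE_PARTS:
        return None
    try:
        level = date.fromisoformat(dev.security_patch)
    except ValueError:
        # An unknown patch level on an affected chipset is treated as exposed, not ignored.
        return f"{part}: patch level {dev.security_patch!r} is unparseable; verify manually"
    if level < baseline:
        return f"{part}: patch level {level.isoformat()} predates baseline {baseline.isoformat()}"
    return None


def triage(fleet, baseline: date = BASELINE_PATCH_LEVEL) -> dict:
    """Map device_id -> reason for every device that still needs the update."""
    result = {}
    for dev in fleet:
        reason = exposure_reason(dev, baseline)
        if reason:
            result[dev.device_id] = reason
    return result


# Constructed inventory records for this example.
FLEET = [
    Device("phone-001", "mt6833", "2025-10-05"),     # affected, patch level too old
    Device("phone-002", "mt6877tt", "2025-12-05"),   # affected, at/after baseline
    Device("phone-003", "mt6895", "2025-01-01"),     # MediaTek part not in the advisory's list
    Device("tab-004", "mt6853t", "unknown"),         # affected, patch level not reported
    Device("phone-005", "sm8550", "2025-08-01"),     # not a MediaTek platform
]

if __name__ == "__main__":
    for device_id, reason in sorted(triage(FLEET).items()):
        print(f"{device_id}: {reason}")
```

Treating a missing or unparseable patch level as exposed rather than skipping it is deliberate: a device the agent cannot describe is the one most likely to have fallen out of the update process.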
How to Mitigate CVE-2025-20757
Immediate Actions Required
- Apply the latest security patches from device OEMs that incorporate MediaTek's MOLY01673751 patch
- Update devices to the latest available firmware version from the manufacturer
- In high-security environments, consider implementing cellular network restrictions or using alternative connectivity methods
- Deploy mobile threat defense solutions to detect anomalous device behavior
- Educate users about the risks of operating devices in areas with unknown or suspicious cellular coverage
Patch Information
MediaTek has released a security patch identified as MOLY01673751 to address this vulnerability. The patch details are available in the MediaTek Product Security Bulletin for December 2025.
Device manufacturers (OEMs) using affected MediaTek chipsets must integrate this patch into their firmware updates and distribute them to end users. Users should:
- Check with their device manufacturer for available security updates
- Apply updates as soon as they become available
- Enable automatic security updates where possible
Workarounds
While awaiting official patches, organizations and users can implement the following workarounds to reduce exposure:
Network-Level Mitigations:
- In controlled environments, use Wi-Fi calling instead of cellular when possible
- Deploy cellular signal monitoring in sensitive facilities to detect rogue base stations
- Consider using Faraday cages or signal-blocking solutions in high-security areas
Device-Level Mitigations:
- Disable automatic network selection and manually connect only to known, trusted carriers
- Use airplane mode in areas where rogue base station attacks are suspected
- Consider using alternative devices with non-affected chipsets for critical operations
Enterprise Mitigations:
- Implement MDM policies to enforce prompt security updates
- Monitor device fleet for unusual crash patterns
- Establish incident response procedures for suspected cellular-based attacks
Note: These workarounds may impact device functionality and should be evaluated against operational requirements. The only complete mitigation is applying the official security patch from the device manufacturer.
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.