CVE-2025-20761 Overview
CVE-2025-20761 is a denial of service vulnerability affecting MediaTek modem firmware due to incorrect error handling. The vulnerability exists in the modem component and can be triggered when a user equipment (UE) connects to a rogue base station controlled by an attacker. Successful exploitation results in a system crash without requiring any user interaction or additional execution privileges.
This vulnerability is particularly concerning for mobile devices and IoT hardware utilizing MediaTek chipsets with cellular connectivity, as it can be exploited remotely through malicious cellular infrastructure.
Critical Impact
Remote attackers can cause system crashes on affected devices by deploying rogue cellular base stations, potentially disrupting critical communications and device availability.
Affected Products
- MediaTek NR15, NR16, NR17 modem firmware
- MediaTek Dimensity chipsets (MT6833, MT6853, MT6873, MT6875, MT6877, MT6879, MT6880, MT6883, MT6885, MT6886, MT6889, MT6890, MT6891, MT6893, MT6895, MT6896, MT6897, MT6980, MT6983, MT6985, MT6989, MT6990 series)
- MediaTek Helio chipsets (MT2735, MT2737)
- MediaTek tablet chipsets (MT8673, MT8675, MT8676, MT8678, MT8755, MT8771, MT8791, MT8792, MT8793, MT8795T, MT8797, MT8798, MT8863, MT8873, MT8883, MT8893)
Discovery Timeline
- January 6, 2026 - CVE-2025-20761 published to NVD
- January 8, 2026 - Last updated in NVD database
Technical Details for CVE-2025-20761
Vulnerability Analysis
This vulnerability stems from an improper check for unusual or exceptional conditions (CWE-754) within the MediaTek modem firmware. The modem component fails to properly validate and handle error conditions during cellular communication operations. When a device connects to a malicious base station, the attacker can send specially crafted signaling messages that trigger unhandled error states within the modem firmware.
The flaw allows network-based exploitation with low attack complexity, requiring no authentication or user interaction. While the vulnerability does not compromise data confidentiality or integrity, it severely impacts system availability by causing complete device crashes.
Root Cause
The root cause is classified as CWE-754 (Improper Check for Unusual or Exceptional Conditions). The modem firmware does not adequately validate incoming data or handle exceptional error states when processing cellular network signaling. This improper validation allows malformed or unexpected messages from a rogue base station to cause the modem to enter an unstable state, resulting in a system crash.
The vulnerability is tracked internally by MediaTek as Patch ID: MOLY01311265 and Issue ID: MSV-4655.
Attack Vector
The attack requires the attacker to deploy a rogue cellular base station (fake cell tower) within range of the target device. When the victim's device connects to or receives signaling from this malicious base station, the attacker can transmit crafted messages that exploit the improper error handling in the modem firmware.
The exploitation scenario involves:
- Attacker Setup: Deploy a rogue base station masquerading as a legitimate cellular tower
- Device Connection: Target device connects to the malicious base station (can be induced through stronger signal strength)
- Malicious Signaling: Attacker sends crafted cellular signaling messages designed to trigger the error handling flaw
- System Crash: The modem fails to properly handle the exceptional condition, causing a denial of service
This attack does not require physical access to the device or any user interaction, making it particularly dangerous in scenarios where cellular connectivity is critical.
Detection Methods for CVE-2025-20761
Indicators of Compromise
- Unexpected device reboots or crashes when in areas with questionable cellular coverage
- Modem subsystem errors or crashes logged in device diagnostic data
- Repeated connection attempts to unfamiliar or suspicious cell towers
- System logs indicating modem firmware exceptions or watchdog resets
Detection Strategies
- Monitor device telemetry for unusual modem crash patterns or repeated system reboots
- Implement cellular network anomaly detection to identify potential rogue base stations
- Review device crash logs for modem-related exceptions matching the vulnerability signature
- Deploy mobile device management (MDM) solutions to track device health and connectivity anomalies
Monitoring Recommendations
- Enable verbose logging for modem subsystem events where supported by the device
- Correlate device crash events with cellular network connectivity changes
- Monitor for patterns of devices experiencing crashes in specific geographic locations
- Track firmware versions across device fleets to identify vulnerable MediaTek chipset deployments
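The correlation recommended above, as an added example (not part of the original advisory or any vendor tooling): it flags cells where several distinct devices logged a modem crash shortly after attaching. The event names, tuple layout, window and threshold are assumptions, and the telemetry is constructed sample data.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample telemetry (not real data):
# (device_id, ISO timestamp, event, cell_id or None). Field names are assumed.
SAMPLE_EVENTS = [
    ("dev-a", "2026-01-10T09:00:00", "cell_change", "cell-1001"),
    ("dev-a", "2026-01-10T09:00:40", "modem_crash", None),
    ("dev-b", "2026-01-10T09:05:00", "cell_change", "cell-1001"),
    ("dev-b", "2026-01-10T09:05:20", "modem_crash", None),
    ("dev-c", "2026-01-10T09:10:00", "cell_change", "cell-1001"),
    ("dev-c", "2026-01-10T09:10:55", "modem_crash", None),
    ("dev-d", "2026-01-10T08:00:00", "cell_change", "cell-2002"),
    ("dev-d", "2026-01-10T11:30:00", "modem_crash", None),  # hours after attach
    ("dev-a", "2026-01-10T12:00:00", "cell_change", "cell-3003"),
    ("dev-a", "2026-01-10T12:00:30", "modem_crash", None),  # only one device
]


def suspicious_cells(events, window_s=120, min_devices=3):
    """Return {cell_id: sorted device ids} for cells where at least
    min_devices distinct devices crashed within window_s of attaching."""
    window = timedelta(seconds=window_s)
    last_cell = {}                    # device -> (attach time, cell_id)
    crashed_after = defaultdict(set)  # cell_id -> devices crashing soon after attach

    # Process in time order so each crash is matched to the most recent attach.
    parsed = sorted(
        ((datetime.fromisoformat(ts), dev, ev, cell) for dev, ts, ev, cell in events),
        key=lambda e: e[0],
    )
    for when, dev, ev, cell in parsed:
        if ev == "cell_change":
            last_cell[dev] = (when, cell)
        elif ev == "modem_crash" and dev in last_cell:
            attached, cell_id = last_cell[dev]
            if when - attached <= window:
                crashed_after[cell_id].add(dev)

    # A single crash is noise; several devices on one cell is a pattern.
    return {c: sorted(d) for c, d in crashed_after.items() if len(d) >= min_devices}


if __name__ == "__main__":
    for cell, devices in suspicious_cells(SAMPLE_EVENTS).items():
        print(f"review {cell}: modem crashes shortly after attach on {devices}")
```

A flagged cell is a lead for investigation rather than proof of a rogue base station; tune the window and device threshold to the fleet's normal crash rate.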
How to Mitigate CVE-2025-20761
Immediate Actions Required
- Verify MediaTek chipset models in use across your device fleet against the affected products list
- Check with device manufacturers for firmware updates addressing Patch ID MOLY01311265
- Prioritize patching for devices in critical infrastructure or high-risk deployment scenarios
- Consider network-level protections to detect rogue base station attacks where feasible
Patch Information
MediaTek has released a security patch addressing this vulnerability, as documented in the MediaTek Security Bulletin January 2026. The patch is identified as MOLY01311265. Device manufacturers incorporating affected MediaTek chipsets should integrate this fix into their firmware updates and distribute it to end users through their standard update channels.
End users should check with their device manufacturers (smartphone OEMs, tablet vendors, IoT device makers) for available firmware updates that incorporate the MediaTek security patch.
Workarounds
- Avoid connecting to unfamiliar or untrusted cellular networks when possible
- Enable airplane mode in high-risk areas where rogue base station attacks are suspected
- Where feasible, use Wi-Fi connectivity as an alternative to cellular in sensitive environments
- Consider devices with cellular network security features that can detect suspicious base stations

