CVE-2025-20644
📋 TL;DR
This vulnerability in MediaTek modems allows memory corruption due to incorrect error handling when connecting to rogue base stations. Attackers can cause remote denial of service without user interaction or additional privileges. This affects devices with vulnerable MediaTek modem chipsets.
💻 Affected Systems
- MediaTek modem chipsets
📦 What is this software?
NR15 by MediaTek
NR16 by MediaTek
⚠️ Risk & Real-World Impact
Worst Case
Permanent modem failure requiring hardware replacement, complete loss of cellular connectivity, potential device instability affecting other components.
Likely Case
Temporary denial of cellular service, dropped connections, device reboots or instability until modem resets.
If Mitigated
Limited service disruption with automatic modem recovery, minimal impact on device functionality.
🎯 Exploit Status
Requires attacker to operate rogue base station in proximity to target; no authentication or user interaction needed.
🛠️ Fix & Mitigation
✅ Official Fix
Patch ID: MOLY01525673
Vendor Advisory: https://corp.mediatek.com/product-security-bulletin/March-2025
Restart Required: Yes
Instructions:
1. Contact device manufacturer for firmware updates.
2. Apply MediaTek-provided modem firmware patch.
3. Reboot device after update.
4. Verify patch installation through device settings.
🔧 Temporary Workarounds
Disable automatic network selection
Android: Prevent connection to unknown/rogue base stations by manually selecting trusted networks only
Settings > Network & Internet > Mobile Network > Network operators > Choose manually
Enable airplane mode in untrusted areas
All platforms: Disable cellular radio when in locations with potential rogue base stations
Settings > Network & Internet > Airplane mode > Toggle ON
🧯 If You Can't Patch
- Restrict device usage to trusted cellular networks only
- Implement physical security controls to prevent proximity to potential rogue base stations
🔍 How to Verify
Check if Vulnerable:
Check device modem firmware version against manufacturer's patched versions; contact device vendor for specific vulnerability assessment.
Check Version:
adb shell getprop gsm.version.baseband
Verify Fix Applied:
Verify modem firmware version includes patch MOLY01525673; check Settings > About phone > Baseband version for updates.
📡 Detection & Monitoring
Log Indicators:
- Unexpected modem resets
- Baseband crash logs
- Frequent network registration failures
- Abnormal cell tower connection attempts
Network Indicators:
- Connection to unknown cell tower IDs
- Unusual signal strength patterns
- Multiple devices experiencing simultaneous cellular disruption
SIEM Query:
DeviceLogs
| where EventCategory contains "modem" or EventCategory contains "baseband"
| where EventMessage contains "crash" or EventMessage contains "reset" or EventMessage contains "error"
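The log and network indicators above can be combined into one correlation rule: modem crash or reset events that cluster on an unexpected cell ID across several devices within a short window. This is an added example, not code from MediaTek or from this page's source; the log line format, device names, cell IDs and allowlist are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample telemetry: "timestamp device_id cell_id message".
# Hypothetical format, not a real MediaTek or Android log schema.
SAMPLE_LOGS = """\
2025-03-10T09:00:05 dev-01 310-410-1001 modem registered
2025-03-10T09:14:10 dev-01 999-99-7777 baseband crash, modem reset
2025-03-10T09:14:40 dev-02 999-99-7777 modem reset after registration error
2025-03-10T09:15:20 dev-03 999-99-7777 baseband crash
2025-03-10T11:30:00 dev-04 310-410-1002 modem reset
2025-03-10T13:00:00 dev-02 310-410-1001 modem registered
"""
KNOWN_CELLS = {"310-410-1001", "310-410-1002"}  # constructed allowlist of expected cells
FAULT_WORDS = ("crash", "reset")


def parse(lines):
    """Yield (time, device, cell, message) for each well-formed line."""
    for line in lines.splitlines():
        parts = line.split(maxsplit=3)
        try:
            ts = datetime.fromisoformat(parts[0])
            dev, cell, msg = parts[1:]
        except (ValueError, IndexError):
            continue  # skip blank or malformed lines
        yield ts, dev, cell, msg


def find_clusters(lines, known_cells=KNOWN_CELLS, window=timedelta(minutes=5), min_devices=2):
    """Return one alert per unknown cell on which at least min_devices
    distinct devices logged a modem fault within `window` of each other."""
    faults = defaultdict(list)  # cell -> [(time, device)]
    for ts, dev, cell, msg in parse(lines):
        if cell not in known_cells and any(w in msg.lower() for w in FAULT_WORDS):
            faults[cell].append((ts, dev))
    alerts = []
    for cell, events in faults.items():
        events.sort()
        start, best = 0, set()
        for end in range(len(events)):  # sliding time window over sorted faults
            while events[end][0] - events[start][0] > window:
                start += 1
            devs = {d for _, d in events[start:end + 1]}
            if len(devs) > len(best):
                best = devs
        if len(best) >= min_devices:
            alerts.append({"cell": cell, "devices": sorted(best)})
    return alerts
```

A modem reset on a known cell (dev-04 in the sample) does not raise an alert on its own; the rule fires only when faults coincide on a cell outside the expected set.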