CVE-2025-20659

Q: What is the severity of CVE-2025-20659?

CVE-2025-20659 has a CVSS score of 6.5 (MEDIUM). This vulnerability in MediaTek modems allows remote denial of service through improper input validation. An attacker can crash the system by connecting a user device to a rogue base station without requiring user interaction or additional privileges. All devices using affected MediaTek modem chipsets are potentially vulnerable.

6.5 MEDIUM

Denial of Service

📋 TL;DR

This vulnerability in MediaTek modems allows remote denial of service through improper input validation. An attacker can crash the system by connecting a user device to a rogue base station without requiring user interaction or additional privileges. All devices using affected MediaTek modem chipsets are potentially vulnerable.

💻 Affected Systems

Products:

MediaTek modem chipsets

Versions: Specific versions not publicly disclosed in CVE description

Operating Systems: Android and other mobile OS using MediaTek modems

Default Config Vulnerable: ⚠️ Yes

Notes: Affects devices with MediaTek modems when connected to cellular networks. Exact chipset models not specified in CVE.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete system crash requiring device reboot, potentially disrupting cellular connectivity and device functionality until restart.

🟠

Likely Case

Temporary denial of cellular service requiring device reboot to restore connectivity.

🟢

If Mitigated

No impact if patched or if device cannot connect to rogue base stations.

🌐 Internet-Facing: HIGH - Attack can be performed remotely via cellular network without authentication.

🏢 Internal Only: LOW - Requires cellular network access, not internal network access.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ⚠️ Yes

Complexity: MEDIUM

Requires attacker to operate rogue base station and have target device connect to it. No user interaction needed.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Patch ID: MOLY01519028

Vendor Advisory: https://corp.mediatek.com/product-security-bulletin/April-2025

Restart Required: Yes

Instructions:

1. Check with device manufacturer for firmware updates. 2. Apply MediaTek modem firmware patch MOLY01519028. 3. Reboot device after patch installation.

🔧 Temporary Workarounds

Disable automatic network selection

all

Manually select trusted network operators to prevent connection to rogue base stations

Use Wi-Fi when available

all

Disable cellular data when on trusted Wi-Fi networks to reduce exposure

🧯 If You Can't Patch

Monitor for unusual cellular network behavior or frequent disconnections
Implement network monitoring for rogue base station detection in enterprise environments

🔍 How to Verify

Check if Vulnerable:

Check modem firmware version against MediaTek security bulletin. Contact device manufacturer for specific vulnerability status.

Check Version:

Device-specific commands vary by manufacturer. Typically in Settings > About Phone > Baseband Version

Verify Fix Applied:

Verify patch MOLY01519028 is installed in modem firmware. Check with device manufacturer for patch verification method.

📡 Detection & Monitoring

Log Indicators:

Unexpected modem crashes
Cellular service disconnections
Baseband processor errors

Network Indicators:

Connections to unknown base stations
Unusual cellular network behavior

SIEM Query:

Not applicable - detection primarily at modem/baseband level

📊 Metadata

CVE ID: CVE-2025-20659

CVSS v3 Score: 6.5 (MEDIUM)

CVSS Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE: CWE-125

EPSS Score: 0.72% exploit probability (72.1th percentile)

Published: April 7, 2025

Last Updated: February 17, 2026

🔗 References

https://corp.mediatek.com/product-security-bulletin/April-2025 Vendor Advisory

📋 TL;DR

💻 Affected Systems

📦 What is this software?

Mt2735 Firmware by Mediatek

Mt2737 Firmware by Mediatek

Mt6739 Firmware by Mediatek

Mt6761 Firmware by Mediatek

Mt6762 Firmware by Mediatek

Mt6762d Firmware by Mediatek

Mt6762m Firmware by Mediatek

Mt6763 Firmware by Mediatek

Mt6765 Firmware by Mediatek

Mt6765t Firmware by Mediatek

Mt6767 Firmware by Mediatek

Mt6768 Firmware by Mediatek

Mt6769 Firmware by Mediatek

Mt6769k Firmware by Mediatek

Mt6769s Firmware by Mediatek

Mt6769t Firmware by Mediatek

Mt6769z Firmware by Mediatek

Mt6771 Firmware by Mediatek

Mt6779 Firmware by Mediatek

Mt6781 Firmware by Mediatek

Mt6783 Firmware by Mediatek

Mt6785 Firmware by Mediatek

Mt6785t Firmware by Mediatek

Mt6785u Firmware by Mediatek

Mt6789 Firmware by Mediatek

Mt6813 Firmware by Mediatek

Mt6833 Firmware by Mediatek

Mt6833p Firmware by Mediatek

Mt6835 Firmware by Mediatek

Mt6835t Firmware by Mediatek

Mt6853 Firmware by Mediatek

Mt6853t Firmware by Mediatek

Mt6855 Firmware by Mediatek

Mt6855t Firmware by Mediatek

Mt6873 Firmware by Mediatek

Mt6875 Firmware by Mediatek

Mt6875t Firmware by Mediatek

Mt6877 Firmware by Mediatek

Mt6877t Firmware by Mediatek

Mt6877tt Firmware by Mediatek

Mt6878 Firmware by Mediatek

Mt6878m Firmware by Mediatek

Mt6879 Firmware by Mediatek

Mt6880 Firmware by Mediatek

Mt6883 Firmware by Mediatek

Mt6885 Firmware by Mediatek

Mt6886 Firmware by Mediatek

Mt6889 Firmware by Mediatek

Mt6890 Firmware by Mediatek

Mt6891 Firmware by Mediatek

Mt6893 Firmware by Mediatek

Mt6895 Firmware by Mediatek

Mt6895tt Firmware by Mediatek

Mt6896 Firmware by Mediatek

Mt6897 Firmware by Mediatek

Mt6899 Firmware by Mediatek

Mt6980 Firmware by Mediatek

Mt6980d Firmware by Mediatek

Mt6983 Firmware by Mediatek

Mt6983t Firmware by Mediatek

Mt6985 Firmware by Mediatek

Mt6985t Firmware by Mediatek

Mt6989 Firmware by Mediatek

Mt6989t Firmware by Mediatek

Mt6990 Firmware by Mediatek

Mt6991 Firmware by Mediatek

Mt8666 Firmware by Mediatek

Mt8667 Firmware by Mediatek

Mt8673 Firmware by Mediatek

Mt8675 Firmware by Mediatek

Mt8676 Firmware by Mediatek

Mt8678 Firmware by Mediatek

Mt8765 Firmware by Mediatek

Mt8766 Firmware by Mediatek

Mt8768 Firmware by Mediatek

Mt8771 Firmware by Mediatek

Mt8781 Firmware by Mediatek