CVE-2025-20726
📋 TL;DR
This vulnerability allows remote attackers to execute arbitrary code on affected devices by exploiting an out-of-bounds write in the modem firmware when connecting to a malicious base station. It affects devices with MediaTek modems that haven't applied the security patch. No user interaction is required for exploitation.
💻 Affected Systems
- MediaTek modem chipsets
📦 What is this software?
- Lr12a by MediaTek
- Nr15 by MediaTek
- Nr16 by MediaTek
- Nr17 by MediaTek
- Nr17r by MediaTek
⚠️ Risk & Real-World Impact
Worst Case
Complete device compromise, allowing an attacker to install persistent malware, steal sensitive data, and use the device as part of a botnet.
Likely Case
Remote code execution leading to data theft, surveillance capabilities, and potential lateral movement within the network.
If Mitigated
Limited impact if devices are patched or network segmentation prevents rogue base station connections.
🎯 Exploit Status
Requires the attacker to operate a rogue base station within radio range of the target device. No authentication is needed once the device connects.
🛠️ Fix & Mitigation
✅ Official Fix
Patch ID: MOLY01672598
Vendor Advisory: https://corp.mediatek.com/product-security-bulletin/November-2025
Restart Required: Yes
Instructions:
1. Check with device manufacturer for firmware updates.
2. Apply modem firmware patch MOLY01672598.
3. Reboot device after update.
4. Verify patch installation.
🔧 Temporary Workarounds
Disable automatic network selection
Prevent devices from automatically connecting to unknown base stations
Use trusted networks only
Configure devices to only connect to pre-approved cellular networks
🧯 If You Can't Patch
- Segment network to isolate vulnerable devices from critical systems
- Implement physical security controls to prevent rogue base stations in sensitive areas
🔍 How to Verify
Check if Vulnerable:
Check modem firmware version against vendor patch information. Contact device manufacturer for specific version details.
Check Version:
Device-specific commands vary by manufacturer. Typically available through device settings or diagnostic menus.
Verify Fix Applied:
Verify patch MOLY01672598 is installed in modem firmware. Check with device manufacturer for verification tools.
📡 Detection & Monitoring
Log Indicators:
- Unexpected base station connections
- Modem firmware crash logs
- Unusual network activity from device
Network Indicators:
- Devices connecting to unknown cell tower IDs
- Anomalous base station signal patterns
SIEM Query:
Search for modem firmware errors or unexpected cellular network connections in device logs