CVE-2025-20761
📋 TL;DR
This vulnerability in MediaTek modems allows a remote denial of service when user equipment (UE) connects to a rogue base station controlled by an attacker. The system crash is caused by incorrect error handling in the modem firmware and requires no user interaction or additional privileges. Devices with vulnerable MediaTek modem chipsets are affected.
💻 Affected Systems
- MediaTek modem chipsets
📦 What is this software?
- NR15 by MediaTek
- NR16 by MediaTek
- NR17 by MediaTek
⚠️ Risk & Real-World Impact
Worst Case
Permanent device bricking requiring hardware replacement, or persistent denial of service rendering the device unusable for cellular connectivity.
Likely Case
Temporary system crash requiring device reboot, with potential data loss and service disruption until device restarts.
If Mitigated
Limited impact with proper network segmentation and base station authentication controls preventing connection to rogue base stations.
🎯 Exploit Status
Requires attacker to operate rogue base station (IMSI catcher/stingray) and victim device to connect to it.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Firmware with patch ID MOLY01311265
Vendor Advisory: https://corp.mediatek.com/product-security-bulletin/January-2026
Restart Required: Yes
Instructions:
1. Contact device manufacturer for firmware updates.
2. Apply MediaTek modem firmware update containing patch MOLY01311265.
3. Reboot device after update.
🔧 Temporary Workarounds
Disable automatic network selection
Manually select trusted network operators to prevent automatic connection to rogue base stations
Enable airplane mode in untrusted areas
Disable cellular radio when in locations where rogue base stations might operate
🧯 If You Can't Patch
- Implement network monitoring for IMSI catchers/rogue base stations in critical areas
- Use devices with different modem chipsets for critical operations
🔍 How to Verify
Check if Vulnerable:
Check device specifications for MediaTek modem and contact manufacturer for vulnerability status
Check Version:
Manufacturer-specific commands; typically requires diagnostic mode or manufacturer tools
Verify Fix Applied:
Verify modem firmware version includes patch MOLY01311265 through manufacturer tools
📡 Detection & Monitoring
Log Indicators:
- Unexpected modem resets
- Base station ID changes without location movement
- Frequent cellular disconnections
Network Indicators:
- Unusual base station signals in unexpected locations
- IMSI catcher detection alerts
SIEM Query:
Device logs showing modem crash events or base station handover anomalies
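
The log indicators above can be correlated rather than alerted on individually. The following is an added example, not vendor or MediaTek code: it flags a modem reset that follows a serving-cell change on a device that did not move. The telemetry layout, event names (`CELL`, `MODEM_RESET`), cell IDs, and thresholds are all assumptions made for illustration.

```python
from datetime import datetime, timedelta
from math import radians, sin, cos, asin, sqrt

# Constructed telemetry: time, device, event, serving cell ID, latitude, longitude.
# The field layout is an assumption; real MDM/diagnostic exports differ per vendor.
SAMPLE = """\
2026-01-10T09:00:00 dev-a CELL 001-01-1001 52.5200 13.4050
2026-01-10T09:05:00 dev-a CELL 001-01-9999 52.5201 13.4051
2026-01-10T09:05:40 dev-a MODEM_RESET - 52.5201 13.4051
2026-01-10T09:00:00 dev-b CELL 001-01-1001 52.5200 13.4050
2026-01-10T09:20:00 dev-b CELL 001-01-2002 52.5900 13.5200
2026-01-10T11:00:00 dev-b MODEM_RESET - 52.5900 13.5200
"""

def km(a, b):
    """Great-circle distance in km between two (lat, lon) pairs."""
    (la1, lo1), (la2, lo2) = [(radians(x), radians(y)) for x, y in (a, b)]
    h = sin((la2 - la1) / 2) ** 2 + cos(la1) * cos(la2) * sin((lo2 - lo1) / 2) ** 2
    return 2 * 6371 * asin(sqrt(h))

def find_suspect_resets(text, max_move_km=0.5, window=timedelta(minutes=5)):
    """Return (device, cell, reset_time) where the serving cell changed while the
    device stayed within max_move_km and the modem reset within `window` after."""
    last_cell, pending, hits = {}, {}, []
    for line in text.splitlines():
        ts, dev, event, cell, lat, lon = line.split()
        ts, pos = datetime.fromisoformat(ts), (float(lat), float(lon))
        if event == "CELL":
            prev = last_cell.get(dev)
            if prev and prev[0] != cell and km(prev[1], pos) <= max_move_km:
                pending[dev] = (cell, ts)   # stationary cell change: remember it
            else:
                pending.pop(dev, None)      # first sighting or handover while moving
            last_cell[dev] = (cell, pos)
        elif event == "MODEM_RESET" and dev in pending:
            cell, changed = pending.pop(dev)
            if ts - changed <= window:
                hits.append((dev, cell, ts.isoformat()))
    return hits

if __name__ == "__main__":
    for hit in find_suspect_resets(SAMPLE):
        print(hit)
```

A hit is a lead for investigation, not proof of a rogue base station: legitimate cell reselection also happens on stationary devices, so tune `max_move_km` and `window` against baseline fleet data.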