CVE-2025-20704

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2025-20704
In Modem, there is a possible out of bounds write due to a missing bounds check. This could lead to remote escalation of privilege, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: MOLY01516959; Issue ID: MSV-3502.

8.8 /10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://corp.mediatek.com/product-security-bulletin/September-2025 Vendor Advisory
Configurations

Configuration 1 (hide)

AND
OR cpe:2.3:o:mediatek:nr17:-:*:*:*:*:*:*:*
cpe:2.3:o:mediatek:nr17r:-:*:*:*:*:*:*:*
OR cpe:2.3:h:mediatek:mt6813:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt6835:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt6835t:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt6878:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt6878m:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt6897:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt6899:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt6991:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt8676:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt8678:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt8792:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt8863:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt8873:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt8883:-:*:*:*:*:*:*:*
History

03 Sep 2025, 16:07

Type Values Removed Values Added
CPE cpe:2.3:h:mediatek:mt8676:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt6878m:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt8792:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt6813:-:*:*:*:*:*:*:*
cpe:2.3:o:mediatek:nr17:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt6835:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt8873:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt8678:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt6899:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt6897:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt6835t:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt8863:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt8883:-:*:*:*:*:*:*:*
cpe:2.3:o:mediatek:nr17r:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt6878:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt6991:-:*:*:*:*:*:*:*
First Time Mediatek mt6878m
Mediatek mt6991
Mediatek mt8678
Mediatek
Mediatek nr17r
Mediatek mt6878
Mediatek mt8676
Mediatek mt8873
Mediatek mt6897
Mediatek mt6835
Mediatek mt8883
Mediatek mt8863
Mediatek mt8792
Mediatek mt6835t
Mediatek mt6899
Mediatek nr17
Mediatek mt6813
References () https://corp.mediatek.com/product-security-bulletin/September-2025 - () https://corp.mediatek.com/product-security-bulletin/September-2025 - Vendor Advisory

02 Sep 2025, 13:15

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 8.8

01 Sep 2025, 06:15

Type Values Removed Values Added
New CVE
Information

Published : 2025-09-01 06:15

Updated : 2025-09-03 16:07

NVD link : CVE-2025-20704

Mitre link : CVE-2025-20704

CVE.ORG link : CVE-2025-20704

JSON object : View

Products Affected

mediatek

  • nr17
  • mt8678
  • mt6878m
  • nr17r
  • mt6878
  • mt6897
  • mt8792
  • mt6835t
  • mt8873
  • mt8883
  • mt6991
  • mt8863
  • mt8676
  • mt6835
  • mt6899
  • mt6813
CWE
CWE-787

Out-of-bounds Write