CVE-2025-20666

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2025-20666
In Modem, there is a possible system crash due to an uncaught exception. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY00650610; Issue ID: MSV-2933.

7.5 /10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://corp.mediatek.com/product-security-bulletin/May-2025 Vendor Advisory
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:mediatek:nr15:-:*:*:*:*:*:*:*
OR cpe:2.3:h:mediatek:mt2735:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt6833:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt6833p:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt6853:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt6853t:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt6855:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt6855t:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt6873:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt6875:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt6875t:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt6877:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt6877t:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt6877tt:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt6880:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt6883:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt6885:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt6889:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt6890:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt6891:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt6893:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt8666:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt8667:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt8673:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt8675:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt8771:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt8791:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt8791t:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt8795t:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt8797:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt8798:-:*:*:*:*:*:*:*
History

08 May 2025, 19:28

Type Values Removed Values Added
CPE cpe:2.3:o:mediatek:lr15:-:*:*:*:*:*:*:* cpe:2.3:o:mediatek:nr15:-:*:*:*:*:*:*:*
First Time Mediatek nr15

06 May 2025, 14:04

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 7.5
First Time Mediatek mt6873
Mediatek mt6833
Mediatek mt8791
Mediatek mt6883
Mediatek mt6890
Mediatek mt2735
Mediatek mt6880
Mediatek mt6855
Mediatek mt6877tt
Mediatek mt6885
Mediatek mt8667
Mediatek mt6875t
Mediatek mt6891
Mediatek lr15
Mediatek
Mediatek mt8797
Mediatek mt8791t
Mediatek mt8798
Mediatek mt6853t
Mediatek mt6833p
Mediatek mt6877t
Mediatek mt6853
Mediatek mt8675
Mediatek mt8673
Mediatek mt6875
Mediatek mt8771
Mediatek mt6893
Mediatek mt8666
Mediatek mt6877
Mediatek mt6889
Mediatek mt6855t
Mediatek mt8795t
References () https://corp.mediatek.com/product-security-bulletin/May-2025 - () https://corp.mediatek.com/product-security-bulletin/May-2025 - Vendor Advisory
CPE cpe:2.3:h:mediatek:mt6885:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt6833p:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt6891:-:*:*:*:*:*:*:*
cpe:2.3:o:mediatek:lr15:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt6883:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt8667:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt6893:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt8675:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt6873:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt6890:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt6853t:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt6855t:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt6877t:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt8797:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt8673:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt6855:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt8666:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt6877:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt6889:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt8771:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt6877tt:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt6880:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt8791:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt8798:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt2735:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt6853:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt6875:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt6875t:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt6833:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt8795t:-:*:*:*:*:*:*:*
cpe:2.3:h:mediatek:mt8791t:-:*:*:*:*:*:*:*

05 May 2025, 20:54

Type Values Removed Values Added
Summary
  • (es) En Modem, existe un posible fallo del sistema debido a una excepción no detectada. Esto podría provocar una denegación de servicio remota si un UE se conecta a una estación base no autorizada controlada por el atacante, sin necesidad de privilegios de ejecución adicionales. No se requiere la interacción del usuario para su explotación. ID de parche: MOLY00650610; ID de problema: MSV-2933.

05 May 2025, 03:15

Type Values Removed Values Added
New CVE
Information

Published : 2025-05-05 03:15

Updated : 2025-05-12 18:15

NVD link : CVE-2025-20666

Mitre link : CVE-2025-20666

CVE.ORG link : CVE-2025-20666

JSON object : View

Products Affected

mediatek

  • mt6873
  • mt6853t
  • mt6893
  • mt6833
  • mt6855t
  • mt6877t
  • mt6875t
  • mt6833p
  • mt8795t
  • mt6891
  • mt8673
  • mt6883
  • mt6885
  • mt6855
  • mt6890
  • nr15
  • mt6889
  • mt8771
  • mt2735
  • mt6877tt
  • mt8666
  • mt6877
  • mt8791
  • mt8791t
  • mt8667
  • mt8675
  • mt8798
  • mt8797
  • mt6853
  • mt6875
  • mt6880
CWE
CWE-617

Reachable Assertion