Cyber Resilience

CVE-2025-20634

Critical

Published: 03 February 2025

Published
03 February 2025
Modified
17 February 2026
KEV Added
Patch
CVSS Score v3.1 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.0695 91.6th percentile
Risk Priority 24 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-20634 is a critical-severity Out-of-bounds Write (CWE-787) vulnerability in Mediatek Nr16. Its CVSS base score is 9.8 (Critical).

Operationally, ranked in the top 8.4% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).

Deeper analysis

In Modem software, an out-of-bounds write vulnerability exists due to a missing bounds check, tracked as CWE-787. This affects MediaTek modem implementations and carries a CVSS score of 9.8. The flaw is addressed by patch ID MOLY01289384 and issue ID MSV-2436.

An attacker controlling a rogue base station can trigger the issue when a user equipment device connects to it. Successful exploitation yields remote code execution with no additional privileges or user interaction required.

The MediaTek February 2025 security bulletin lists the corresponding patch for affected modem builds and recommends applying the update to resolve the bounds-check deficiency.

EPSS remains at 0.0695 with no material increase observed since disclosure.

EU & UK References

Vulnerability details

In Modem, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution, if a UE has connected to a rogue base station controlled by the attacker, with no additional…

more

execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01289384; Issue ID: MSV-2436.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

Insufficient information to map techniques.
Confidence: LOW · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2025-20708Same product: Mediatek Mt2737
CVE-2025-20727Same product: Mediatek Mt2737
CVE-2026-20434Same product: Mediatek Mt2737
CVE-2026-20433Same product: Mediatek Mt2737
CVE-2026-20432Same product: Mediatek Mt2737
CVE-2026-20455Same product: Mediatek Mt6835
CVE-2025-20633Same vendor: Mediatek
CVE-2025-20631Same vendor: Mediatek
CVE-2025-20646Same vendor: Mediatek
CVE-2026-20407Same vendor: Mediatek

Affected Assets

mediatek
nr16
all versions
mediatek
nr17
all versions
mediatek
nr17r
all versions

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly addresses the CVE by requiring timely identification, reporting, and patching of the missing bounds check flaw in the modem, as evidenced by the available MOLY01289384 patch.

prevent

Mandates input validation and bounds checking on data received from base stations, directly preventing the out-of-bounds write vulnerability in the modem.

prevent

Implements memory protections such as ASLR and DEP to mitigate remote code execution from the out-of-bounds write even if bounds checking is absent.

References