CVE-2025-20634
Published: 03 February 2025
Summary
CVE-2025-20634 is a critical-severity Out-of-bounds Write (CWE-787) vulnerability in MediaTek Nr16. Its CVSS base score is 9.8 (Critical).
Operationally, it is ranked in the top 8.5% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)
Directly addresses the CVE by requiring timely identification, reporting, and patching of the missing bounds check flaw in the modem, as evidenced by the available MOLY01289384 patch.
Mandates input validation and bounds checking on data received from base stations, directly preventing the out-of-bounds write vulnerability in the modem.
Implements memory protections such as ASLR and DEP to mitigate remote code execution from the out-of-bounds write even if bounds checking is absent.
MITRE ATT&CK Enterprise Techniques
Insufficient information to map techniques.
NVD Description
In Modem, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01289384; Issue ID: MSV-2436.
Deeper analysis
CVE-2025-20634 is a critical vulnerability in the Modem component, stemming from a missing bounds check that enables an out-of-bounds write (CWE-787). It affects MediaTek modem implementations, as evidenced by the associated Patch ID MOLY01289384 and Issue ID MSV-2436. Published on 2025-02-03, the flaw carries a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), indicating critical severity due to its potential for remote code execution.
Exploitation requires an attacker to control a rogue base station, to which a user equipment (UE), such as a mobile device, connects. No additional execution privileges or user interaction are needed, allowing the attacker to trigger the out-of-bounds write and achieve remote code execution on the targeted UE over the network with low complexity.
MediaTek's February 2025 Product Security Bulletin provides details on mitigation, including the patch MOLY01289384 available at https://corp.mediatek.com/product-security-bulletin/February-2025. Security practitioners should prioritize applying this patch to affected devices to prevent exploitation.
Details
- CWE(s)