CVE-2025-20634
Published: 03 February 2025
Summary
CVE-2025-20634 is a critical-severity Out-of-bounds Write (CWE-787) vulnerability in MediaTek Nr16. Its CVSS base score is 9.8 (Critical).
Operationally, it ranks in the top 8.4% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).
Deeper analysis
In Modem software, an out-of-bounds write vulnerability exists due to a missing bounds check, tracked as CWE-787. This affects MediaTek modem implementations and carries a CVSS score of 9.8. The flaw is addressed by patch ID MOLY01289384 and issue ID MSV-2436.
An attacker controlling a rogue base station can trigger the issue when a user equipment device connects to it. Successful exploitation yields remote code execution with no additional privileges or user interaction required.
The MediaTek February 2025 security bulletin lists the corresponding patch for affected modem builds and recommends applying the update to resolve the bounds-check deficiency.
EPSS remains at 0.0695 with no material increase observed since disclosure.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-2184
Vulnerability details
In Modem, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01289384; Issue ID: MSV-2436.
- CWE(s)
Related Threats
MITRE ATT&CK Enterprise Techniques
Insufficient information to map techniques.
CVEs Like This One
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5)
Directly addresses the CVE by requiring timely identification, reporting, and patching of the missing bounds check flaw in the modem, as evidenced by the available MOLY01289384 patch.
Mandates input validation and bounds checking on data received from base stations, directly preventing the out-of-bounds write vulnerability in the modem.
Implements memory protections such as ASLR and DEP to mitigate remote code execution from the out-of-bounds write even if bounds checking is absent.