CVE-2025-20637
Published: 03 February 2025
Summary
CVE-2025-20637 is a high-severity Uncaught Exception (CWE-248) vulnerability in Mediatek Software Development Kit. Its CVSS base score is 7.5 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Application or System Exploitation (T1499.004); ranked in the top 10.3% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SC-5 (Denial-of-service Protection) and SI-2 (Flaw Remediation).
Deeper analysis
In network hardware from MediaTek, an uncaught exception can trigger a system hang, resulting in remote denial of service. The flaw is tracked as CWE-248 and CWE-754, carries a CVSS 3.1 score of 7.5, and requires no privileges or user interaction for exploitation. Patch ID WCNCR00399035 addresses Issue ID MSV-2380.
An unauthenticated remote attacker can send crafted network traffic to the affected hardware and cause the device to become unresponsive, producing a denial-of-service condition without further access or interaction.
MediaTek’s February 2025 product security bulletin lists the issue and directs users to the referenced patch for remediation.
EPSS for the CVE reached a peak of 0.0617 on 2026-03-15 before receding to the current value of 0.0481.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-2187
Vulnerability details
In network HW, there is a possible system hang due to an uncaught exception. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00399035; Issue ID:…
more
MSV-2380.
- CWE(s)
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Remote unauthenticated exploitation of uncaught exception in network hardware directly enables system/application crash for DoS impact.
CVEs Like This One
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
Directly remediates the uncaught exception vulnerability by applying the vendor-provided patch WCNCR00399035, preventing remote DoS exploitation.
Implements denial-of-service protections such as rate limiting and traffic filtering to block remote attacks triggering the system hang in network hardware.
Ensures proper error handling for exceptions to avoid system hangs from malformed network inputs, addressing CWE-248 and CWE-754 root causes.