CVE-2025-20644: CWE-1286 Syntactic Correctness in MediaTek, Inc. MT2735, MT2737, MT6833, MT6833P, MT6853, MT6853T, MT6855, MT6855T, MT6873, MT6875, MT6875T, MT6877, MT6877T, MT6877TT, MT6879, MT6880, MT6883, MT6885, MT6886, MT6889, MT6890, MT6891, MT6893, MT6895, MT6895TT, MT6896, MT6980, MT6980D, MT6983, MT6983T, MT6985, MT6985T, MT6989, MT6989T, MT6990, MT8673, MT8791T, MT8795T, MT8798
In Modem, there is a possible memory corruption due to incorrect error handling. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01525673; Issue ID: MSV-2747.
AI Analysis
Technical Summary
CVE-2025-20644 is a vulnerability identified in MediaTek modem chipsets including models MT2735 through MT8798, affecting modem firmware versions NR15 and NR16. The root cause is improper error handling in the modem's software, which can lead to memory corruption when processing certain inputs from the cellular network. An attacker controlling a rogue base station can exploit this flaw by inducing a connected user equipment (UE) device to process malformed messages, triggering memory corruption that results in a denial of service (DoS) condition. This DoS manifests as modem crashes or loss of connectivity, disrupting the device's cellular communication capabilities. The vulnerability does not require any privileges or user interaction, making it easier to exploit in environments where an attacker can operate a rogue base station. The CVSS v3.1 score is 6.5 (medium severity), reflecting the lack of confidentiality or integrity impact but significant availability impact. MediaTek has assigned patch ID MOLY01525673 to address this issue. Although no exploits have been reported in the wild, the widespread use of these chipsets in mobile devices globally, including Europe, makes this a relevant threat. The CWE-1286 classification (Improper Validation of Syntactic Correctness of Input) indicates a syntactic correctness issue related to error handling in the modem firmware.
Potential Impact
For European organizations, the primary impact is the potential for remote denial of service on devices using affected MediaTek modems. This can disrupt mobile communications, affecting employees' ability to connect to cellular networks, potentially impacting business operations reliant on mobile connectivity. Telecom operators and critical infrastructure providers using devices with these chipsets could experience service degradation or outages if targeted by attackers deploying rogue base stations. The vulnerability could also be leveraged in targeted attacks against high-value individuals or organizations by causing persistent connectivity failures. While no direct data breach or code execution is indicated, availability loss in mobile communications can have cascading effects on operational continuity, emergency services, and IoT deployments. The ease of exploitation without user interaction increases the risk in environments where attackers can deploy rogue base stations, such as urban areas or events with high device density.
Mitigation Recommendations
Organizations should prioritize applying the official patches from MediaTek as soon as they become available for affected devices and firmware versions NR15 and NR16. Network operators should enhance detection and prevention mechanisms for rogue base stations, including deploying radio frequency monitoring tools and anomaly detection systems to identify unauthorized base stations. Mobile device management (MDM) solutions can be used to enforce firmware updates and monitor device connectivity health. For critical deployments, consider using devices with alternative chipsets not affected by this vulnerability, or ensure fallback mechanisms are in place to maintain connectivity if a modem is disrupted. Security teams should educate users about the risks of connecting to unknown cellular networks and implement policies to restrict device connectivity to trusted networks where feasible. Collaboration with telecom providers to share threat intelligence about rogue base station activity can further reduce exposure.
Affected Countries
Germany, France, United Kingdom, Italy, Spain, Netherlands, Sweden, Poland, Belgium, Finland
Technical Details
- Data Version: 5.2
- Assigner Short Name: MediaTek
- Date Reserved: 2024-11-01T01:21:50.365Z
- Cvss Version: 3.1
- State: PUBLISHED
Threat ID: 6994829080d747be20bad136
Added to database: 2/17/2026, 3:00:32 PM
Last enriched: 2/17/2026, 3:16:03 PM
Last updated: 4/3/2026, 10:08:10 PM