CVE-2025-20667 is a vulnerability classified under CWE-326 (Inadequate Encryption Strength) found in MediaTek modem chipsets spanning a broad range of models (e.g., MT2735 through MT8797) and modem firmware versions LR12A to NR17R. The flaw arises from incorrect error handling within the modem's encryption mechanisms, which can lead to information disclosure when a user equipment (UE) device connects to a maliciously controlled rogue base station. The attacker does not require any elevated privileges or user interaction to exploit this vulnerability, making it a remote attack vector. The vulnerability primarily compromises confidentiality by potentially leaking sensitive data transmitted over the cellular network. The CVSS v3.1 score is 6.5 (medium), reflecting the attack vector as adjacent network (the attacker must be within radio range), low attack complexity, no privileges required, no user interaction, and high confidentiality impact but no impact on integrity or availability. The vulnerability affects a wide range of MediaTek chipsets commonly used in smartphones and IoT devices, which are prevalent globally. Although no known exploits are currently reported in the wild, the existence of a patch (MOLY01513293) indicates vendor acknowledgment and remediation efforts. The issue is significant because rogue base stations can be deployed relatively easily by attackers to intercept or manipulate mobile communications, and this vulnerability weakens the encryption safeguards intended to protect user data.

For European organizations, the primary impact is the potential unauthorized disclosure of sensitive information transmitted via cellular networks using affected MediaTek chipsets. This could include corporate communications, personal data, or authentication tokens, leading to privacy breaches and potential regulatory non-compliance under GDPR. Sectors such as finance, government, healthcare, and critical infrastructure that rely on mobile communications for sensitive data exchange are particularly at risk. The vulnerability could be exploited by attackers deploying rogue base stations in proximity to targets, enabling targeted espionage or data harvesting without requiring device compromise or user action. While the vulnerability does not affect data integrity or availability, the confidentiality breach alone can have severe reputational and operational consequences. The widespread use of MediaTek chipsets in mid-range and budget devices across Europe increases the attack surface, especially for organizations with bring-your-own-device (BYOD) policies or mobile workforce. The lack of known exploits in the wild currently limits immediate risk but does not preclude future exploitation as awareness grows.

1. Apply the official MediaTek patch (MOLY01513293) as soon as it becomes available from device manufacturers or vendors to remediate the vulnerability at the modem firmware level. 2. Network operators and enterprises should implement detection mechanisms for rogue base stations, such as monitoring for anomalous cell tower identifiers and signal characteristics. 3. Encourage users to avoid connecting to unknown or suspicious cellular networks, especially in high-risk environments. 4. Employ mobile device management (MDM) solutions to enforce security policies and ensure timely updates on corporate devices. 5. Use end-to-end encryption for sensitive communications at the application layer to reduce reliance on lower-layer encryption. 6. Collaborate with telecom providers to enhance network security and incident response capabilities against rogue base station attacks. 7. Conduct regular security awareness training for employees about the risks of connecting to untrusted cellular networks. 8. For critical infrastructure, consider using multi-factor authentication and network segmentation to limit exposure if mobile communications are compromised.