CVE-2025-20678: CWE-674 Uncontrolled Recursion in MediaTek, Inc. MT6739, MT6761, MT6762, MT6762D, MT6762M, MT6763, MT6765, MT6765T, MT6767, MT6768, MT6769, MT6769K, MT6769S, MT6769T, MT6769Z, MT6771, MT6779, MT6781, MT6783, MT6785, MT6785T, MT6785U, MT6789, MT6813, MT6833, MT6833P, MT6835, MT6835T, MT6853, MT6853T, MT6855, MT6855T, MT6873, MT6875, MT6875T, MT6877, MT6877T, MT6877TT, MT6878, MT6878M, MT6879, MT6880, MT6883, MT6885, MT6886, MT6889, MT6890, MT6891, MT6893, MT6895, MT6895TT, MT6896, MT6897, MT6899, MT6980, MT6983, MT6983T, MT6985, MT6985T, MT6989, MT6989T, MT6990, MT6991, MT8666, MT8667, MT8673, MT8675, MT8676, MT8678, MT8765, MT8766, MT8766R, MT8768, MT8771, MT8781, MT8786, MT8788, MT8788E, MT8789, MT8791, MT8791T, MT8795T, MT8797, MT8798, MT8863, MT8873, MT8883, MT8893

High
Published: Mon Jun 02 2025 (06/02/2025, 02:29:47 UTC)
Source: CVE Database V5
Vendor/Project: MediaTek, Inc.
Product: MT6739, MT6761, MT6762, MT6762D, MT6762M, MT6763, MT6765, MT6765T, MT6767, MT6768, MT6769, MT6769K, MT6769S, MT6769T, MT6769Z, MT6771, MT6779, MT6781, MT6783, MT6785, MT6785T, MT6785U, MT6789, MT6813, MT6833, MT6833P, MT6835, MT6835T, MT6853, MT6853T, MT6855, MT6855T, MT6873, MT6875, MT6875T, MT6877, MT6877T, MT6877TT, MT6878, MT6878M, MT6879, MT6880, MT6883, MT6885, MT6886, MT6889, MT6890, MT6891, MT6893, MT6895, MT6895TT, MT6896, MT6897, MT6899, MT6980, MT6983, MT6983T, MT6985, MT6985T, MT6989, MT6989T, MT6990, MT6991, MT8666, MT8667, MT8673, MT8675, MT8676, MT8678, MT8765, MT8766, MT8766R, MT8768, MT8771, MT8781, MT8786, MT8788, MT8788E, MT8789, MT8791, MT8791T, MT8795T, MT8797, MT8798, MT8863, MT8873, MT8883, MT8893

Description

In ims service, there is a possible system crash due to incorrect error handling. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01394606; Issue ID: MSV-2739.

AI-Powered Analysis

Last updated: 07/09/2025, 12:27:52 UTC

Technical Analysis

CVE-2025-20678 is a high-severity vulnerability affecting a broad range of MediaTek modem chipsets, specifically models MT6739 through MT8893 and their variants, running modem firmware versions LR12A, LR13, NR15, NR16, NR17, and NR17R. The vulnerability arises from improper error handling in the IMS (IP Multimedia Subsystem) service, which leads to uncontrolled recursion. This flaw can crash the system, resulting in a denial of service (DoS) condition. Exploitation is possible remotely and requires no privileges or user interaction: an attacker controlling a rogue base station can trigger the vulnerability when a user equipment (UE) connects to it, crashing the modem and disrupting network connectivity.

The vulnerability is classified under CWE-674 (Uncontrolled Recursion), indicating that recursive calls are not properly bounded or terminated, leading to resource exhaustion or system instability. The CVSS v3.1 base score is 7.5 (high), reflecting the network attack vector, low attack complexity, no privileges required, no user interaction, and impact limited to availability (system crash).

No known exploits are reported in the wild yet, but the wide range of affected chipsets and the ease of exploitation make this a significant threat. No patch links were provided, but MediaTek has assigned Patch ID MOLY01394606 and Issue ID MSV-2739 to address this issue.
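To illustrate the CWE-674 weakness class described above, the following added example (not MediaTek code, and not a reconstruction of the actual flaw, whose details the advisory does not give) parses a hypothetical nested tag-length-value format with an explicit recursion bound and an error path that unwinds instead of re-entering the parser. The format, `MAX_DEPTH`, and all function names are assumptions made for the illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define HDR 3u              /* tag (1 byte) + big-endian length (2 bytes) */
#define TAG_CONTAINER 0x30  /* value holds nested elements (toy format) */
#define MAX_DEPTH 8u        /* assumed nesting limit for this toy format */

/* Count leaf elements; -1 on malformed input or nesting beyond MAX_DEPTH.
 * Errors unwind to the caller; the error path never re-enters the parser. */
static int count_leaves(const uint8_t *buf, size_t len, unsigned depth)
{
    int total = 0;
    if (depth > MAX_DEPTH) return -1;          /* bound untrusted nesting */
    while (len > 0) {
        if (len < HDR) return -1;              /* truncated header */
        size_t vlen = ((size_t)buf[1] << 8) | buf[2];
        if (vlen > len - HDR) return -1;       /* length overruns the parent */
        int n = (buf[0] == TAG_CONTAINER) ? count_leaves(buf + HDR, vlen, depth + 1) : 1;
        if (n < 0) return -1;                  /* propagate failure upward */
        total += n;
        buf += HDR + vlen;
        len -= HDR + vlen;
    }
    return total;
}

int parse_message(const uint8_t *buf, size_t len) { return count_leaves(buf, len, 0); }

/* Constructed input: `depth` nested containers around one empty leaf. */
size_t build_nested(uint8_t *out, size_t cap, unsigned depth)
{
    size_t need = (size_t)HDR * (depth + 1);
    if (need > cap || need - HDR > 0xFFFF) return 0;
    for (size_t i = 0; i <= depth; i++) {
        size_t rem = need - HDR * (i + 1);     /* bytes after this header */
        out[HDR * i] = (i < depth) ? TAG_CONTAINER : 0x04;
        out[HDR * i + 1] = (uint8_t)(rem >> 8);
        out[HDR * i + 2] = (uint8_t)(rem & 0xFF);
    }
    return need;
}

int main(void)
{
    static uint8_t buf[4096];
    printf("depth 1000 -> %d\n", parse_message(buf, build_nested(buf, sizeof buf, 1000)));
    return 0;
}
```

Without the `depth` check, stack use would grow with the nesting chosen by whoever sends the message; with it, a 1000-level message is rejected after nine frames.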

Potential Impact

For European organizations, the impact of this vulnerability can be substantial, especially for enterprises and service providers relying on devices embedded with affected MediaTek chipsets. The vulnerability enables remote denial of service without user interaction or privileges, which can disrupt mobile communications, IoT devices, and other connected equipment using these modems. Critical infrastructure sectors such as telecommunications, emergency services, and industrial control systems that use LTE/5G modems with these chipsets could experience outages or degraded service. This could lead to operational disruptions, loss of productivity, and potential safety risks. Additionally, organizations deploying large fleets of mobile devices or IoT sensors in the field may face widespread device failures if rogue base stations are used by attackers to exploit this vulnerability. The lack of confidentiality or integrity impact reduces the risk of data breaches, but availability disruptions can still have severe business consequences. The threat is particularly relevant in environments where network security controls are limited and where devices frequently connect to untrusted or public cellular networks.

Mitigation Recommendations

1. Immediate deployment of firmware updates or patches from MediaTek or device manufacturers once available is critical to remediate the vulnerability.
2. Network operators and enterprises should implement detection and prevention mechanisms to identify and block rogue base stations, such as IMSI-catcher detection tools and anomaly-based network monitoring.
3. Employ network access control policies that restrict device connections to trusted base stations, or use SIM-based authentication enhancements to prevent unauthorized network attachment.
4. For critical deployments, consider using devices with alternative chipsets not affected by this vulnerability until patches are applied.
5. Regularly audit and update device firmware to ensure all security patches are applied promptly.
6. Educate users and administrators about the risks of connecting to unknown or suspicious cellular networks, especially in high-risk environments.
7. Collaborate with mobile network operators to enhance base station authentication and integrity verification mechanisms to reduce the risk of rogue base station attacks.

Technical Details

Data Version: 5.1
Assigner Short Name: MediaTek
Date Reserved: 2024-11-01T01:21:50.371Z
Cvss Version: null
State: PUBLISHED

Threat ID: 683d16f6182aa0cae230af0c

Added to database: 6/2/2025, 3:13:58 AM

Last enriched: 7/9/2025, 12:27:52 PM

Last updated: 8/4/2025, 12:18:33 AM
