
CVE-2025-20704: CWE-787 Out-of-bounds Write in MediaTek, Inc. MT6813, MT6835, MT6835T, MT6878, MT6878M, MT6897, MT6899, MT6991, MT8676, MT8678, MT8792, MT8863, MT8873, MT8883

Severity: High
Published: Mon Sep 01 2025 (09/01/2025, 05:12:19 UTC)
Source: CVE Database V5
Vendor/Project: MediaTek, Inc.
Product: MT6813, MT6835, MT6835T, MT6878, MT6878M, MT6897, MT6899, MT6991, MT8676, MT8678, MT8792, MT8863, MT8873, MT8883

Description

In Modem, there is a possible out of bounds write due to a missing bounds check. This could lead to remote escalation of privilege, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: MOLY01516959; Issue ID: MSV-3502.

AI-Powered Analysis

Last updated: 09/08/2025, 06:43:33 UTC

Technical Analysis

CVE-2025-20704 is a high-severity vulnerability in multiple MediaTek modem chipsets: MT6813, MT6835, MT6835T, MT6878, MT6878M, MT6897, MT6899, MT6991, MT8676, MT8678, MT8792, MT8863, MT8873, and MT8883. The flaw is classified as CWE-787 (Out-of-bounds Write) and is caused by a missing bounds check in the modem firmware (specifically versions Modem NR17 and NR17R). An attacker who controls a rogue base station can trigger the out-of-bounds write remotely when a user equipment (UE) connects to it. Exploitation does not require any additional execution privileges, but user interaction is necessary, meaning the victim device must connect to the malicious base station. The out-of-bounds write can lead to remote escalation of privilege, potentially compromising the confidentiality, integrity, and availability of the affected device. The CVSS v3.1 base score is 8.8 (high severity): the attack vector is network-based, attack complexity is low, no privileges are required, and user interaction is needed. The vulnerability affects critical modem components that handle cellular communications, making it a significant threat to mobile devices using these MediaTek chipsets. No known exploits are currently reported in the wild, and a patch has been identified (MOLY01516959), though no direct patch links are provided. The vulnerability was reserved in November 2024 and published in September 2025.

Potential Impact

For European organizations, this vulnerability poses a substantial risk, especially for those relying on mobile communications for critical operations, including enterprises with a mobile workforce, IoT deployments, and telecom providers. Exploitation could allow attackers operating rogue base stations to escalate privileges on devices remotely, potentially leading to unauthorized access to sensitive data, interception or manipulation of communications, and disruption of services. This could impact confidentiality by exposing private communications, integrity by allowing data tampering, and availability by causing device instability or denial of service. Given the widespread use of MediaTek chipsets in smartphones and IoT devices, the attack surface is broad. The requirement for user interaction (connecting to a rogue base station) somewhat limits exploitation but does not eliminate risk, especially in public or untrusted environments. European organizations handling sensitive or regulated data (e.g., finance, healthcare, government) could face compliance consequences and reputational damage if devices are compromised. Additionally, telecom operators could see network trust undermined if rogue base stations are used for large-scale attacks.

Mitigation Recommendations

Organizations should prioritize updating affected devices with the vendor-provided patch (MOLY01516959) as soon as it becomes available. Since the vulnerability resides in modem firmware, coordination with device manufacturers and mobile network operators is essential to ensure timely deployment. Network-level mitigations include monitoring for rogue base stations using radio frequency detection tools and anomaly detection systems to alert on suspicious cellular signals. Enterprises should educate users about the risks of connecting to unknown or untrusted cellular networks, especially in public or high-risk areas. Implementing mobile device management (MDM) solutions can help enforce security policies and facilitate patch management. For IoT deployments, network segmentation and strict access controls can limit the impact of compromised devices. Telecom providers should enhance base station authentication mechanisms and consider deploying detection systems for rogue base stations to protect subscribers. Finally, continuous monitoring and incident response plans should be updated to address potential exploitation scenarios involving this vulnerability.


Technical Details

Data Version: 5.1
Assigner Short Name: MediaTek
Date Reserved: 2024-11-01T01:21:50.383Z
CVSS Version: null
State: PUBLISHED

Threat ID: 68b52c73ad5a09ad00c8fc21

Added to database: 9/1/2025, 5:17:39 AM

Last enriched: 9/8/2025, 6:43:33 AM

Last updated: 10/19/2025, 11:17:17 AM
