CVE-2025-20750 is a vulnerability classified under CWE-476 (NULL Pointer Dereference) affecting a broad range of MediaTek modem chipsets, including models MT2735, MT6833, MT6853, MT6873, MT6880, MT6890, MT8675, MT8771, MT8791, and others. The vulnerability resides in the modem firmware's input validation logic, where improper handling of certain inputs can cause the modem software to dereference a NULL pointer, leading to a system crash. This crash results in a denial of service condition on the affected device. The exploit scenario involves a user equipment (UE) device connecting to a malicious or rogue base station controlled by an attacker. Because the attack vector is over the air and requires no user interaction or privileges, it is relatively easy to exploit in a targeted environment. The vulnerability impacts the availability of the modem subsystem but does not affect confidentiality or integrity. The CVSS v3.1 score is 6.5 (medium severity), with attack vector being adjacent network (the cellular network), low attack complexity, no privileges required, and no user interaction. MediaTek has assigned patch ID MOLY01661199 to address this issue. The vulnerability was publicly disclosed on December 2, 2025, and no known exploits have been reported in the wild as of now. The broad range of affected chipsets indicates a widespread potential impact across many devices using MediaTek modems, including smartphones, IoT devices, and telecom equipment.

For European organizations, the primary impact of CVE-2025-20750 is the potential for remote denial of service on devices utilizing the affected MediaTek modem chipsets. This can disrupt mobile communications, degrade service availability, and potentially impact critical infrastructure relying on cellular connectivity. Telecom operators, mobile network providers, and enterprises deploying IoT or mobile devices with these chipsets may experience service interruptions or degraded network performance. The lack of confidentiality or integrity impact limits the risk of data breaches, but availability disruptions can affect business continuity, emergency services, and operational technology systems. The vulnerability's exploitation via rogue base stations is particularly concerning in urban and industrial areas where attackers could deploy such infrastructure. European countries with advanced 4G/5G networks and high penetration of MediaTek-based devices are at greater risk. The absence of user interaction or privileges lowers the barrier for attackers to cause widespread denial of service, emphasizing the need for timely patching and network monitoring.

European organizations should implement the following specific mitigation measures: 1) Identify and inventory all devices using affected MediaTek modem chipsets, including smartphones, IoT devices, and telecom equipment. 2) Apply the official MediaTek patch (MOLY01661199) as soon as it becomes available from device manufacturers or vendors. 3) Collaborate with mobile network operators to detect and block rogue base stations using network anomaly detection tools and radio frequency monitoring. 4) Employ network-level protections such as base station authentication enhancements and anomaly detection to prevent unauthorized base station connections. 5) For critical infrastructure, consider deploying fallback communication channels or redundant connectivity to mitigate potential DoS impacts. 6) Educate security teams on monitoring cellular network logs for signs of suspicious base station activity. 7) Engage with device vendors to ensure firmware updates are distributed promptly. 8) Implement strict access controls and segmentation for devices relying on cellular connectivity to limit the blast radius of potential DoS attacks. These targeted actions go beyond generic patching advice and address the unique attack vector involving rogue base stations.