CVE-2025-20752 is a vulnerability classified under CWE-617 (Reachable Assertion) affecting a broad range of MediaTek modem chipsets, including MT2735, MT2737, MT6813, MT6833 series, MT6853 series, MT6873 series, MT6880 series, MT6890 series, MT6980 series, MT6990 series, MT8676, and MT8791T. The root cause is a missing bounds check in the modem firmware, which leads to a reachable assertion failure. When a user equipment (UE) with an affected modem connects to a rogue base station controlled by an attacker, the assertion triggers a system crash, resulting in a denial of service (DoS) condition. The attack vector is network-based (AV:N), requires low privileges (PR:L), and does not require user interaction (UI:N). The scope is unchanged (S:U), and the impact is limited to availability (A:H) with no confidentiality or integrity impact. The affected modem versions are NR15, NR16, NR17, and NR17R. This vulnerability can be exploited remotely without additional execution privileges, making it a significant risk for mobile devices using these chipsets. The vulnerability was published on December 2, 2025, with a CVSS v3.1 base score of 6.5 (medium severity). No known exploits have been reported in the wild. MediaTek has assigned a patch ID MOLY01270690 and issue ID MSV-4301, though no public patch links are currently available. The vulnerability poses a risk of service disruption, particularly in environments where devices rely on stable cellular connectivity. Attackers can leverage rogue base stations to trigger the crash, potentially impacting large numbers of devices in targeted areas.

For European organizations, the primary impact of CVE-2025-20752 is the potential for remote denial of service on devices using affected MediaTek modem chipsets. This can disrupt mobile communications, affecting business continuity, especially for sectors relying on mobile networks such as telecommunications providers, emergency services, transportation, and critical infrastructure. The vulnerability could be exploited to cause widespread service outages in areas where rogue base stations are deployed, potentially impacting mobile users and IoT devices. Confidentiality and integrity are not directly affected, but availability degradation can have cascading effects on operational capabilities. Organizations with mobile device fleets or embedded systems using these chipsets may experience increased downtime or degraded service quality. The lack of user interaction and low privilege requirements make this vulnerability easier to exploit remotely, increasing the risk profile. Additionally, the presence of rogue base stations is a known threat vector in certain regions, which could be leveraged by threat actors to target European networks. Without timely patching, the risk of service disruption remains significant, potentially affecting customer trust and regulatory compliance related to service availability.

To mitigate CVE-2025-20752, European organizations should prioritize the following actions: 1) Coordinate with device manufacturers and vendors to obtain and deploy the official firmware patch identified by MediaTek (MOLY01270690) as soon as it becomes available. 2) Implement network-level detection and prevention mechanisms to identify and block rogue base stations, such as using IMSI catchers detection tools and anomaly-based intrusion detection systems in mobile networks. 3) Employ mobile device management (MDM) solutions to monitor device firmware versions and enforce updates across enterprise device fleets. 4) Educate network security teams about the risks of rogue base stations and establish incident response plans for suspected DoS events caused by this vulnerability. 5) Collaborate with mobile network operators to enhance base station authentication and integrity verification processes, reducing the risk of rogue base station exploitation. 6) For critical infrastructure relying on cellular connectivity, consider redundant communication channels to maintain availability during potential DoS attacks. 7) Continuously monitor threat intelligence feeds for updates on exploit developments and patch releases related to this CVE. These targeted measures go beyond generic advice by focusing on both device-level patching and network-level protections specific to the attack vector.