CVE-2025-20754 is a vulnerability classified under CWE-248 (Uncaught Exception) found in MediaTek modem chipsets including MT2735, MT2737, MT6813, MT6833 series, MT6853 series, MT6873 series, MT6880 series, MT6980 series, MT8673 series, MT8755, MT8771, MT8791 series, MT8863, MT8873, MT8883, and MT8893. The root cause is an incorrect bounds check in the modem firmware that leads to an uncaught exception, causing the system to crash. This flaw can be triggered remotely when a user equipment (UE) connects to a maliciously controlled rogue base station. Exploitation does not require user interaction or elevated privileges, but the attacker must be able to operate a rogue base station to induce the crash. The impact is a denial of service (DoS) condition, disrupting modem functionality and potentially causing device reboots or loss of network connectivity. Affected modem firmware versions include NR15, NR16, NR17, and NR17R. The vulnerability was published on December 2, 2025, with a CVSS v3.1 base score of 5.3 (medium severity), reflecting network attack vector, high attack complexity, low privileges required, no user interaction, and impact limited to availability. No known exploits have been reported in the wild to date. MediaTek has assigned patch ID MOLY01689251 to address this issue. The vulnerability poses a risk to mobile devices and IoT equipment using these chipsets, especially in environments where rogue base stations could be deployed by attackers.

For European organizations, this vulnerability could disrupt mobile communications by causing denial of service on devices using affected MediaTek modems. Telecom operators may face network instability or customer complaints if rogue base stations are deployed in their coverage areas. Critical infrastructure relying on mobile connectivity, such as emergency services, transportation, and industrial IoT, could experience outages or degraded service. The lack of required user interaction and low privilege needed for exploitation increases the risk in scenarios where attackers have physical proximity or can deploy rogue base stations covertly. While the vulnerability does not compromise confidentiality or integrity, the availability impact can affect business operations, especially for sectors dependent on continuous mobile connectivity. The broad range of affected chipsets means many consumer and enterprise devices across Europe could be vulnerable, amplifying the potential scale of impact.

European organizations should prioritize applying the MediaTek patch MOLY01689251 as soon as it becomes available for their affected devices. Telecom providers should enhance detection and mitigation of rogue base stations through network monitoring, anomaly detection, and signal validation techniques. Deploying network access control and authentication mechanisms can reduce the risk of rogue base station exploitation. Device manufacturers and integrators should update firmware on affected modems promptly and verify patch deployment. Organizations should educate users about the risks of connecting to unknown or suspicious networks and consider using VPNs or secure communication channels to mitigate exposure. For critical infrastructure, implementing redundant communication paths and failover mechanisms can minimize disruption from potential DoS attacks. Continuous monitoring for unusual network behavior and collaboration with mobile network operators to identify and neutralize rogue base stations are recommended.