CVE-2025-20756 is a vulnerability identified in a wide range of MediaTek modem chipsets, including models MT2735 through MT8893, all running Modem NR15 firmware. The root cause is a logic error within the modem's software that can cause a system crash when a user equipment (UE) device connects to a rogue base station controlled by an attacker. This flaw does not require any user interaction or elevated privileges, making it remotely exploitable by an adversary capable of setting up a malicious base station. The vulnerability is classified under CWE-1287, indicating a logic error leading to unintended behavior. The primary impact is a denial of service condition, where the modem crashes and disrupts device availability. The CVSS v3.1 base score is 6.5, reflecting medium severity with attack vector as adjacent network (the attacker must be within radio range), low attack complexity, no privileges required, no user interaction, and impact limited to availability. No confidentiality or integrity impacts are noted. Although no exploits are currently known in the wild, the potential for disruption exists, especially in environments where rogue base stations can be deployed. The vendor has assigned a patch ID (MOLY01673749) to address the issue, though no direct patch links are provided. The vulnerability affects a broad range of MediaTek chipsets commonly used in mobile devices and IoT equipment, highlighting the importance of timely remediation.

For European organizations, the primary impact of CVE-2025-20756 is the potential for remote denial of service on devices using affected MediaTek modems. This can disrupt critical communications, particularly for industries relying on mobile connectivity such as telecommunications providers, emergency services, transportation, and IoT deployments. The vulnerability could be exploited by attackers deploying rogue base stations in proximity to target devices, causing repeated modem crashes and service outages. This may lead to operational downtime, loss of communication capabilities, and potential safety risks in critical infrastructure. While confidentiality and integrity are not directly impacted, availability degradation can have cascading effects on business continuity and user trust. Organizations with employees or assets in public or unsecured environments are at higher risk. Additionally, telecom operators using affected hardware in their network infrastructure may experience service instability. The lack of required user interaction or privileges lowers the barrier for exploitation, increasing the threat surface. However, the need for physical proximity to the victim device limits the attack scope somewhat.

1. Apply the official patch (MOLY01673749) from MediaTek or device manufacturers as soon as it becomes available to ensure the logic error causing the crash is resolved. 2. Implement network monitoring solutions capable of detecting rogue base stations or unusual radio frequency activity, especially in sensitive or high-risk environments. 3. Employ UE-side security features that can validate base station authenticity, such as enhanced base station authentication protocols or SIM-based protections. 4. Educate users and administrators about the risks of connecting to unknown or suspicious cellular networks, particularly in public or untrusted locations. 5. For enterprise and telecom operators, conduct regular security assessments of cellular infrastructure and consider deploying intrusion detection systems specialized for mobile network threats. 6. Collaborate with mobile network providers to share threat intelligence regarding rogue base station activity. 7. Maintain an inventory of devices using affected MediaTek chipsets to prioritize patch deployment and risk management. 8. Consider network segmentation and fallback communication methods to maintain critical operations during potential DoS events.