CVE-2025-20756: CWE-1287 Specified Type in MediaTek, Inc. MT2735, MT6833, MT6833P, MT6853, MT6853T, MT6855, MT6855T, MT6873, MT6875, MT6875T, MT6877, MT6877T, MT6877TT, MT6880, MT6883, MT6885, MT6889, MT6890, MT6891, MT6893, MT8673, MT8675, MT8676, MT8678, MT8755, MT8771, MT8791, MT8791T, MT8792, MT8793, MT8795T, MT8797, MT8798, MT8863, MT8873, MT8883, MT8893
In Modem, there is a possible system crash due to a logic error. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01673749; Issue ID: MSV-4643.
AI Analysis
Technical Summary
CVE-2025-20756 is a vulnerability classified under CWE-1287 affecting numerous MediaTek modem chipsets, including MT2735, MT6833 series, MT6853 series, MT6873 series, MT6880 series, MT8673 series, MT8755, MT8771, MT8791 series, MT8863, MT8873, MT8883, and MT8893. The flaw arises from a logic error in the modem firmware (Modem NR15) and can be triggered remotely without user interaction or elevated privileges. Specifically, if a user equipment (UE) connects to a rogue base station controlled by the attacker, the attacker can induce a system crash, resulting in denial of service. The crash disrupts the modem’s normal operation, potentially causing device instability or loss of network connectivity. The vulnerability does not appear to allow code execution or data leakage; it impacts system availability. MediaTek has assigned an internal patch ID (MOLY01673749) and issue ID (MSV-4643), but no public patch link is currently available. The vulnerability was reserved in November 2024 and published in December 2025. No known exploits have been reported in the wild yet. The broad range of affected chipsets indicates a widespread impact across many mobile devices that incorporate MediaTek modems, which are commonly used in smartphones, IoT devices, and embedded systems. The attack vector is network-level manipulation through a rogue base station, a known technique in mobile network attacks. Because neither user interaction nor authentication is required, the vulnerability is particularly concerning for remote exploitation scenarios.
Potential Impact
For European organizations, the primary impact of CVE-2025-20756 is the potential for remote denial of service on devices using affected MediaTek modems. This can disrupt mobile communications, affecting business continuity, especially for sectors relying heavily on mobile connectivity such as telecommunications providers, emergency services, transportation, and critical infrastructure. IoT deployments using these chipsets may experience outages, leading to operational disruptions. The vulnerability could be exploited by attackers deploying rogue base stations within range of target devices, causing widespread network instability or device crashes. This may also impact consumer devices, leading to degraded user experience and potential reputational damage for service providers. The lack of privilege or user interaction requirements lowers the barrier for exploitation, increasing the risk profile. However, since no code execution or data compromise is indicated, confidentiality and integrity impacts are minimal. The availability impact is significant, particularly in environments where mobile connectivity is critical. The threat is heightened in urban areas with dense mobile device usage and where attackers can feasibly deploy rogue base stations.
Mitigation Recommendations
1. Apply vendor patches immediately once publicly available to address the logic error in the modem firmware.
2. Implement network monitoring solutions capable of detecting rogue base stations or anomalous base station behavior to alert on potential exploitation attempts.
3. Employ mobile network security tools that validate base station authenticity and integrity, such as enhanced base station authentication protocols.
4. For enterprise-managed devices, enforce policies to restrict connections to trusted networks and disable automatic network selection where feasible.
5. Educate users and IT staff about the risks of connecting to unknown or suspicious cellular networks.
6. Collaborate with mobile network operators to monitor and mitigate rogue base station deployments in critical areas.
7. For IoT deployments, consider network segmentation and fallback communication methods to maintain availability during attacks.
8. Maintain up-to-date inventories of devices using affected MediaTek chipsets to prioritize patching and monitoring efforts.
9. Engage with device manufacturers and vendors to obtain timely firmware updates and security advisories.
Affected Countries
Germany, France, United Kingdom, Italy, Spain, Netherlands, Sweden, Poland, Belgium, Finland
Technical Details
- Data Version: 5.2
- Assigner Short Name: MediaTek
- Date Reserved: 2024-11-01T01:21:50.397Z
- CVSS Version: null
- State: PUBLISHED
Threat ID: 692e57aff2f793a7de7f5f08
Added to database: 12/2/2025, 3:06:23 AM
Last enriched: 12/2/2025, 3:27:11 AM
Last updated: 12/4/2025, 2:25:32 AM