CVE-2025-20757 is a vulnerability classified under CWE-617 (Reachable Assertion) found in the modem firmware of multiple MediaTek chipsets, including MT2735, MT6833 series, MT6853 series, MT6873 series, MT6880 series, MT6890 series, MT8675, MT8771, MT8791 series, and MT8797. The flaw arises from improper input validation within the modem's handling of signals from base stations. Specifically, when a user equipment (UE) device connects to a rogue base station controlled by an attacker, the modem firmware encounters a reachable assertion failure that leads to a system crash, effectively causing a denial of service (DoS). This vulnerability does not require any additional execution privileges or user interaction, making it easier to exploit in the field. The affected modem version is NR15. The vulnerability was reserved in November 2024 and published in December 2025. The CVSS v3.1 score is 6.5 with vector AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H, indicating the attack requires adjacent network access (e.g., radio proximity), low attack complexity, no privileges, no user interaction, unchanged scope, no confidentiality or integrity impact, but high impact on availability. No known exploits have been reported in the wild yet. The root cause is a reachable assertion triggered by malformed or unexpected input from a rogue base station, causing the modem to crash and disrupt service. This vulnerability affects a broad range of MediaTek chipsets widely used in mobile devices, IoT, and embedded systems, potentially impacting millions of devices worldwide.

For European organizations, the primary impact of CVE-2025-20757 is the potential for remote denial of service on devices using affected MediaTek chipsets. This can disrupt mobile communications, IoT device functionality, and any critical services relying on these modems. Telecommunications providers, enterprises deploying large fleets of mobile or IoT devices, and critical infrastructure operators could experience service outages or degraded network reliability. The attack vector involves connecting to a rogue base station, which could be deployed by malicious actors or nation-state adversaries to target specific geographic areas or organizations. Disruption of mobile connectivity can impact emergency services, financial transactions, and operational technology systems. Although the vulnerability does not allow data theft or code execution, the availability impact alone can cause significant operational and reputational damage. The lack of required user interaction or privileges increases the risk of widespread exploitation if rogue base stations are deployed in populated areas or near critical facilities.

To mitigate CVE-2025-20757, organizations should prioritize applying the official patches released by MediaTek (Patch ID: MOLY01673751) as soon as they become available. Device manufacturers and mobile operators should coordinate firmware updates for affected devices to ensure broad coverage. Network-level defenses should be enhanced to detect and block rogue base stations, including deploying radio frequency monitoring tools and anomaly detection systems that can identify unauthorized base stations. Enterprises should implement strict network access controls and consider using SIM-based authentication enhancements to prevent devices from connecting to untrusted base stations. For critical infrastructure, deploying redundant communication paths and failover mechanisms can reduce the impact of potential DoS events. Additionally, educating users and administrators about the risks of connecting to unknown networks and maintaining up-to-date device firmware is essential. Continuous monitoring for unusual network behavior and incident response plans tailored to mobile network disruptions will further strengthen resilience.