CVE-2025-20758: CWE-248 Uncaught Exception in MediaTek, Inc. MT2735, MT2737, MT6813, MT6833, MT6833P, MT6835, MT6835T, MT6853, MT6853T, MT6855, MT6855T, MT6873, MT6875, MT6875T, MT6877, MT6877T, MT6877TT, MT6878, MT6878M, MT6879, MT6880, MT6883, MT6885, MT6886, MT6889, MT6890, MT6891, MT6893, MT6895, MT6895TT, MT6896, MT6897, MT6899, MT6980, MT6980D, MT6983, MT6983T, MT6985, MT6985T, MT6989, MT6989T, MT6990, MT6991, MT8673, MT8675, MT8676, MT8678, MT8755, MT8771, MT8791, MT8791T, MT8792, MT8793, MT8795T, MT8797, MT8798, MT8863, MT8873, MT8883, MT8893
In Modem, there is a possible system crash due to an uncaught exception. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01673755; Issue ID: MSV-4647.
AI Analysis
Technical Summary
CVE-2025-20758 identifies a vulnerability in the modem firmware of a broad range of MediaTek chipsets (including MT2735 through MT8893 series) used in mobile devices. The root cause is an uncaught exception (CWE-248) within the modem's NR (New Radio) protocol stack versions NR15, NR16, NR17, and NR17R. When a user equipment (UE) connects to a maliciously controlled rogue base station, the modem encounters an exception it cannot handle, resulting in a system crash. This crash leads to a remote denial of service (DoS) condition, effectively disrupting the device’s cellular connectivity. Exploitation does not require any additional execution privileges or user interaction, making it a low-barrier attack vector. The vulnerability affects the modem’s availability and potentially impacts the device's ability to maintain network connectivity. The issue was reserved in November 2024 and published in December 2025, with no CVSS score assigned yet. No public exploits have been reported, but the broad range of affected chipsets and the nature of the attack vector make it a significant concern. The vulnerability is particularly relevant for devices relying on MediaTek modems in mobile networks, including smartphones, IoT devices, and embedded systems. The patch identifier MOLY01673755 and issue ID MSV-4647 indicate that MediaTek has developed a fix, though patch deployment depends on device manufacturers and carriers.
Potential Impact
For European organizations, this vulnerability could disrupt mobile communications by causing devices to crash when connecting to rogue base stations. This can impact critical sectors relying on mobile connectivity such as emergency services, transportation, healthcare, and industrial IoT. The denial of service could degrade operational continuity and user productivity. Since exploitation requires no user interaction or privileges, attackers could target large numbers of devices remotely, potentially causing widespread outages. The risk is amplified in environments with high reliance on cellular networks for primary or backup communications. Additionally, rogue base stations could be deployed by malicious actors or nation-state adversaries to disrupt communications or conduct surveillance. The impact extends to mobile network operators who may face increased support costs and reputational damage. European enterprises with mobile device fleets using MediaTek chipsets are at risk of service interruptions, affecting business continuity and security monitoring capabilities.
Mitigation Recommendations
Organizations should prioritize obtaining and deploying the vendor-supplied patches (MOLY01673755) as soon as they become available from device manufacturers or carriers. Network operators should implement detection and prevention mechanisms for rogue base stations, including monitoring for anomalous base station identifiers and signal characteristics. Employing mobile threat defense solutions that can detect suspicious network behavior is recommended. Enterprises should enforce strict device management policies to ensure devices are updated promptly and restrict connections to untrusted networks. Where possible, use multi-factor authentication and VPNs to secure communications, mitigating the impact of potential network-level attacks. Security teams should monitor threat intelligence feeds for any emerging exploits and prepare incident response plans for potential denial of service scenarios. Collaboration with telecom providers to enhance network security and rapid incident response is advised. Finally, educating users about the risks of connecting to unknown networks can reduce exposure.
Affected Countries
Germany, France, United Kingdom, Italy, Spain, Netherlands, Poland, Sweden, Belgium, Finland
Technical Details
- Data Version: 5.2
- Assigner Short Name: MediaTek
- Date Reserved: 2024-11-01T01:21:50.397Z
- CVSS Version: null
- State: PUBLISHED
Threat ID: 692e57aff2f793a7de7f5f0e
Added to database: 12/2/2025, 3:06:23 AM
Last enriched: 12/2/2025, 3:26:40 AM
Last updated: 12/4/2025, 5:45:59 AM