CVE-2025-20758: CWE-248 Uncaught Exception in MediaTek, Inc. MT2735, MT2737, MT6813, MT6833, MT6833P, MT6835, MT6835T, MT6853, MT6853T, MT6855, MT6855T, MT6873, MT6875, MT6875T, MT6877, MT6877T, MT6877TT, MT6878, MT6878M, MT6879, MT6880, MT6883, MT6885, MT6886, MT6889, MT6890, MT6891, MT6893, MT6895, MT6895TT, MT6896, MT6897, MT6899, MT6980, MT6980D, MT6983, MT6983T, MT6985, MT6985T, MT6989, MT6989T, MT6990, MT6991, MT8673, MT8675, MT8676, MT8678, MT8755, MT8771, MT8791, MT8791T, MT8792, MT8793, MT8795T, MT8797, MT8798, MT8863, MT8873, MT8883, MT8893
In Modem, there is a possible system crash due to an uncaught exception. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01673755; Issue ID: MSV-4647.
AI Analysis
Technical Summary
CVE-2025-20758 is a vulnerability in the modem firmware of a broad range of MediaTek chipsets (including MT2735, MT2737, MT6813, MT6833 series, MT6853 series, MT6873 series, MT6890 series, MT6980 series, MT8673 series, MT8755, MT8771, MT8791 series, MT8863, MT8883, and others). The root cause is an uncaught exception within the modem software, classified under CWE-248 (Uncaught Exception). When a user equipment (UE) device equipped with these modems connects to a maliciously controlled rogue base station, the attacker can trigger this exception, causing the modem to crash and resulting in a denial of service condition. This crash disrupts the device’s communication capabilities, effectively causing a remote DoS without requiring any user interaction or elevated privileges. The affected modem versions include NR15, NR16, NR17, and NR17R. The vulnerability was published on December 2, 2025, with a CVSS v3.1 base score of 4.9, indicating medium severity. The attack vector is network-based (AV:N), with low attack complexity (AC:L), but requires high privileges (PR:H) within the modem context, and no user interaction (UI:N). The impact is limited to availability (A:H), with no confidentiality or integrity loss. MediaTek has issued a patch (MOLY01673755) to address this issue. No known exploits have been reported in the wild, but the vulnerability poses a risk to devices in environments where rogue base stations could be deployed, such as targeted attacks or surveillance scenarios.
Potential Impact
For European organizations, the primary impact of CVE-2025-20758 is the potential for remote denial of service on devices using affected MediaTek modems. This can disrupt mobile communications, impacting business operations reliant on mobile connectivity, including remote work, IoT deployments, and critical communications infrastructure. Telecommunications providers may face service degradation or outages if rogue base stations are used in targeted attacks. The vulnerability does not compromise data confidentiality or integrity, but availability loss can affect operational continuity, emergency services, and user productivity. Organizations in sectors such as finance, healthcare, transportation, and government, which depend on reliable mobile networks, could experience operational disruptions. Additionally, the proliferation of MediaTek chipsets in consumer and industrial devices across Europe increases the attack surface. The risk is heightened in environments where attackers can deploy rogue base stations, such as urban centers or border regions with geopolitical tensions. Although no exploits are currently known, the ease of triggering the vulnerability without user interaction warrants proactive mitigation to prevent service interruptions.
Mitigation Recommendations
European organizations should implement a multi-layered mitigation strategy:
1) Ensure all devices using affected MediaTek modems are updated with the latest firmware patch MOLY01673755 or equivalent vendor updates as soon as they become available.
2) Network operators should monitor for and detect rogue base stations using radio frequency monitoring tools and anomaly detection systems to prevent unauthorized network access points.
3) Employ mobile device management (MDM) solutions to enforce timely updates and monitor device health status.
4) Educate users and administrators about the risks of connecting to unknown or suspicious cellular networks; even though user interaction is not required for exploitation, awareness can aid in incident response.
5) Collaborate with telecom providers to implement network-level protections such as base station authentication and enhanced signaling security to reduce rogue base station risks.
6) For critical infrastructure, consider deploying fallback communication channels and redundancy to maintain availability during potential DoS events.
7) Conduct regular security assessments and penetration testing focusing on cellular network vulnerabilities to identify and remediate exposure points.
These steps go beyond generic patching by incorporating detection, prevention, and resilience measures tailored to the threat vector.
Affected Countries
Germany, France, United Kingdom, Italy, Spain, Netherlands, Poland, Sweden, Belgium, Finland
Technical Details
- Data Version: 5.2
- Assigner Short Name: MediaTek
- Date Reserved: 2024-11-01T01:21:50.397Z
- Cvss Version: null
- State: PUBLISHED
Threat ID: 692e57aff2f793a7de7f5f0e
Added to database: 12/2/2025, 3:06:23 AM
Last enriched: 12/9/2025, 4:40:35 AM
Last updated: 1/18/2026, 7:21:30 AM