CVE-2025-20759: CWE-125 Out-of-bounds Read in MediaTek, Inc. MT2735, MT2737, MT6833, MT6833P, MT6853, MT6853T, MT6855, MT6855T, MT6873, MT6875, MT6875T, MT6877, MT6877T, MT6877TT, MT6879, MT6880, MT6883, MT6885, MT6886, MT6889, MT6890, MT6891, MT6893, MT6895, MT6895TT, MT6896, MT6980, MT6980D, MT6983, MT6983T, MT6985, MT6985T, MT6989, MT6989T, MT6990, MT8673, MT8675, MT8771, MT8791, MT8791T, MT8795T, MT8797, MT8798, MT8893
In Modem, there is a possible out of bounds read due to a missing bounds check. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01673760; Issue ID: MSV-4650.
AI Analysis
Technical Summary
CVE-2025-20759 is a security vulnerability classified under CWE-125 (Out-of-bounds Read) affecting a broad range of MediaTek modem chipsets, including models MT2735, MT2737, MT6833, MT6853, MT6873, MT6880, MT6980, MT8673, MT8791, MT8893, among others. The vulnerability stems from a missing bounds check in the modem firmware, which allows an attacker controlling a rogue base station to trigger an out-of-bounds read condition remotely. This flaw can cause the modem to read memory outside the intended buffer boundaries, potentially leading to a denial of service (DoS) by crashing or destabilizing the modem firmware. Exploitation does not require any user interaction or elevated privileges on the device, making it a remotely exploitable vulnerability with a wide attack surface. The affected modem versions are NR15 and NR16, which are commonly integrated into mobile devices and IoT equipment. While no exploits have been reported in the wild, the vulnerability poses a significant risk due to the critical role of modems in maintaining cellular connectivity. The issue was reserved in November 2024 and published in December 2025, with MediaTek assigning it the internal issue ID MSV-4650 and patch ID MOLY01673760. The lack of a CVSS score requires an independent severity assessment based on the technical details and potential impact.
Potential Impact
For European organizations, the primary impact of CVE-2025-20759 is the potential disruption of cellular connectivity due to modem crashes or instability caused by the out-of-bounds read. This can affect mobile devices, IoT endpoints, and critical infrastructure relying on cellular communications, such as smart grids, transportation systems, and emergency services. Remote denial of service could lead to loss of availability, impacting business operations, communications, and safety systems. Since exploitation requires only a rogue base station, attackers could target specific geographic areas or organizations by deploying malicious base stations near critical facilities or densely populated urban centers. The widespread use of MediaTek chipsets in consumer and industrial devices across Europe increases the risk of large-scale service interruptions. Confidentiality and integrity impacts are limited, as the vulnerability does not grant code execution or data manipulation capabilities. However, the availability impact alone can have severe operational consequences, especially in sectors dependent on continuous mobile connectivity.
Mitigation Recommendations
European organizations should prioritize obtaining and deploying the official MediaTek patch identified as MOLY01673760 for affected modem versions NR15 and NR16. Network operators and device manufacturers should coordinate firmware updates to ensure timely remediation. Additionally, organizations should implement network monitoring to detect and block rogue base stations using radio frequency scanning tools and anomaly detection systems. Employing SIM-based network authentication enhancements and base station validation mechanisms can reduce exposure to malicious base stations. For critical infrastructure, deploying redundant communication channels and failover mechanisms can mitigate the impact of potential denial of service events. Security teams should also educate users and administrators about the risks of connecting to untrusted cellular networks and encourage the use of VPNs or encrypted communication where possible; these protect traffic carried over an untrusted network but do not stop the modem itself from crashing, so they complement the firmware patch rather than replace it. Finally, maintaining an inventory of devices with affected MediaTek chipsets will help prioritize patching and risk management efforts.
Affected Countries
Germany, France, Italy, Spain, United Kingdom, Netherlands, Sweden, Poland, Belgium, Austria
Technical Details
- Data Version: 5.2
- Assigner Short Name: MediaTek
- Date Reserved: 2024-11-01T01:21:50.397Z
- CVSS Version: null
- State: PUBLISHED
Threat ID: 692e57aff2f793a7de7f5f11
Added to database: 12/2/2025, 3:06:23 AM
Last enriched: 12/2/2025, 3:26:28 AM
Last updated: 12/3/2025, 11:58:37 PM