CVE-2025-20790: CWE-476 NULL Pointer Dereference in MediaTek, Inc. MT2735, MT6833, MT6833P, MT6853, MT6853T, MT6855, MT6855T, MT6873, MT6875, MT6875T, MT6877, MT6877T, MT6877TT, MT6880, MT6883, MT6885, MT6889, MT6890, MT6891, MT6893, MT8675, MT8771, MT8791, MT8791T, MT8797
In Modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01677581; Issue ID: MSV-4701.
AI Analysis
Technical Summary
CVE-2025-20790 is a vulnerability identified in multiple MediaTek modem chipsets, including MT2735, MT6833 series, MT6853 series, MT6873 series, MT6880 series, MT6890 series, MT8675, MT8771, MT8791 series, and MT8797. The root cause is a NULL pointer dereference (CWE-476) in the modem firmware, specifically in the NR15 modem version, due to improper input validation. When a user equipment (UE) connects to a malicious or rogue base station controlled by an attacker, the modem processes crafted input that leads to dereferencing a NULL pointer, causing the modem system to crash. This results in a denial of service condition on the device, potentially disrupting network connectivity and device functionality. The attack vector is remote and does not require any user interaction or elevated privileges, increasing the risk of exploitation. The vulnerability was reserved in November 2024 and published in December 2025. No CVSS score has been assigned yet, and no known exploits have been reported in the wild. The issue is tracked internally by MediaTek under patch ID MOLY01677581 and issue ID MSV-4701. The broad range of affected chipsets indicates a widespread impact across many mobile devices using MediaTek modems, commonly found in smartphones, IoT devices, and other connected hardware. The vulnerability primarily threatens device availability by causing crashes, which could be leveraged by attackers to disrupt communications or degrade service quality.
Potential Impact
For European organizations, the primary impact of CVE-2025-20790 is the potential for remote denial of service on devices using affected MediaTek modem chipsets. This can disrupt mobile communications, affecting employees' smartphones, IoT devices, and other connected equipment relying on cellular connectivity. Critical sectors such as telecommunications, emergency services, transportation, and industrial control systems that depend on reliable mobile connectivity could experience operational interruptions. The ease of exploitation without user interaction or privileges means attackers could target devices en masse by setting up rogue base stations in public or strategic locations. This could lead to widespread service degradation or outages, impacting business continuity and potentially causing financial and reputational damage. Additionally, the disruption of mobile network availability could hinder incident response and emergency communications. While confidentiality and integrity impacts are minimal, the availability impact is significant, especially in environments with high reliance on mobile connectivity.
Mitigation Recommendations
European organizations should prioritize the following mitigation steps:
1) Monitor vendor communications and apply MediaTek patches (MOLY01677581) promptly once released to address the vulnerability in modem firmware.
2) Implement network-level detection and mitigation of rogue base stations by deploying advanced mobile network security solutions capable of identifying and blocking unauthorized base stations.
3) Educate IT and security teams about the risks of rogue base stations and encourage vigilance in environments with sensitive operations.
4) For critical infrastructure, consider deploying multi-factor communication channels and fallback connectivity options to reduce reliance on a single cellular network.
5) Collaborate with mobile network operators to enhance detection of anomalous base station behavior and improve network integrity.
6) Conduct regular security assessments of mobile device fleets to ensure firmware is up to date and devices are not exposed to known vulnerabilities.
7) Where possible, restrict device connectivity to trusted networks and use VPNs to protect data in transit; this does not prevent denial of service, but it can help maintain confidentiality and integrity.
Affected Countries
Germany, France, United Kingdom, Italy, Spain, Netherlands, Poland, Sweden, Belgium, Finland
Technical Details
- Data Version: 5.2
- Assigner Short Name: MediaTek
- Date Reserved: 2024-11-01T01:21:50.402Z
- CVSS Version: null
- State: PUBLISHED
Threat ID: 692e57b3f2f793a7de7f602f
Added to database: 12/2/2025, 3:06:27 AM
Last enriched: 12/2/2025, 3:21:48 AM
Last updated: 12/4/2025, 3:45:30 PM