CVE-2025-20791 is a vulnerability classified under CWE-617 (Reachable Assertion) affecting a broad range of MediaTek modem chipsets including MT2735, MT6833 series, MT6853 series, MT6873 series, MT6880 series, MT6890 series, MT8675, MT8771, MT8791 series, and MT8797. The flaw exists in the modem's error handling logic, where an assertion can be triggered incorrectly, causing the modem system to crash. This vulnerability can be exploited remotely without any privileges or user interaction by an attacker who controls a rogue base station to which the user equipment (UE) connects. The attack vector is over-the-air, leveraging the cellular connection to induce a denial of service condition by crashing the modem firmware (Modem NR15). The CVSS v3.1 score is 6.5 (medium), reflecting the lack of confidentiality or integrity impact but a high impact on availability. The vulnerability was reserved in November 2024 and published in December 2025. Although no exploits are currently known in the wild, the broad range of affected chipsets and the ease of exploitation via rogue base stations make this a significant threat to mobile devices and infrastructure relying on these modems. The vendor has identified a patch (MOLY01661189), but no direct patch links are provided in the data.

For European organizations, the primary impact is a remote denial of service on devices using affected MediaTek modems, potentially disrupting mobile communications and services. Telecommunications providers, mobile network operators, and enterprises relying on cellular connectivity for critical operations could experience service outages or degraded network performance. The vulnerability could be exploited in targeted attacks using rogue base stations, which may be deployed in sensitive areas to disrupt communications of specific users or groups. This could affect emergency services, critical infrastructure monitoring, and IoT deployments that depend on cellular modems. Although confidentiality and integrity are not directly impacted, the availability disruption could lead to operational downtime, loss of productivity, and reputational damage. The widespread use of MediaTek chipsets in consumer and industrial devices across Europe increases the attack surface. The lack of required user interaction or privileges lowers the barrier for attackers, increasing the risk of exploitation in hostile environments or espionage scenarios.

European organizations should prioritize the following mitigations: 1) Coordinate with device manufacturers and mobile network operators to ensure timely deployment of the vendor patch MOLY01661189 on all affected devices and infrastructure. 2) Implement network monitoring to detect and alert on the presence of rogue base stations or anomalous cellular network behavior indicative of attack attempts. 3) Employ mobile device management (MDM) solutions to enforce firmware updates and restrict connections to trusted cellular networks where feasible. 4) Educate security teams and users about the risks of connecting to untrusted cellular networks, especially in sensitive or high-risk environments. 5) Collaborate with telecom providers to enhance base station authentication and integrity checks to reduce the likelihood of rogue base station exploitation. 6) For critical infrastructure relying on cellular connectivity, consider redundant communication paths or fallback mechanisms to maintain availability during potential attacks. 7) Regularly review and update incident response plans to include scenarios involving cellular modem denial of service attacks.