CVE-2025-20794: CWE-121 Stack Overflow in MediaTek, Inc. MediaTek chipset
In Modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01689259 / MOLY01586470; Issue ID: MSV-4847.
AI Analysis
Technical Summary
CVE-2025-20794 is a stack-based buffer overflow (CWE-121) in the modem (baseband) firmware of MediaTek chipsets. The root cause is improper input validation: a field in a message received over the air is copied or processed without its length or contents being checked against what the receiving code expects, so an attacker operating a rogue base station that the user equipment (UE) has attached to can send a crafted message that overruns a stack buffer and crashes the modem. The outcome is denial of service; the advisory states that no additional execution privileges and no user interaction are needed, and it does not describe code execution. The advisory lists a broad range of MediaTek chipsets, from MT2735 through MT8893, which ship in smartphones and IoT devices worldwide. The attack is "remote" in the sense that no local or physical access to the device is required, but it travels over the radio link: the attacker must be within range to operate a cell the UE will attach to, which is why the CVSS v3.1 vector uses the adjacent-network value rather than network. The vector AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H yields a base score of 6.5, with availability as the only impacted property. The record metadata on this page lists no CVSS version, so treat that vector as this analysis's assessment rather than a vendor-published score. No in-the-wild exploitation is known at the time of writing. MediaTek tracks the fix as patch IDs MOLY01689259 and MOLY01586470 (issue ID MSV-4847); because modem firmware is delivered inside device vendors' and carriers' builds, the fix reaches end users only when those parties release updates. The issue is a reminder that baseband parsers must treat every length and field supplied by the network as untrusted.
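The pattern behind this class of bug, shown as an added illustration that is not MediaTek's code: the advisory gives no message format or function names, so the tag/length/value layout, the 16-byte buffer, the status codes and the parser names below are all constructed for this example. The vulnerable parser trusts the length byte the base station sends; the hardened one bounds it against both the destination buffer and the remaining message before copying anything.

```c
/* Illustrative stack-overflow pattern in a modem-style message parser.
 * NOT MediaTek code: the tag/length/value layout, buffer size, status
 * codes and function names are all constructed for this example. */
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

#define IE_MAX_LEN 16   /* assumed maximum value size of one information element */

/* Hypothetical status codes returned by the parsers. */
enum parse_status { PARSE_TRUNCATED = -1, PARSE_TOO_LONG = -2 };

/* One decoded information element; the caller keeps it on the stack. */
struct ie {
    uint8_t tag;
    uint8_t len;
    uint8_t value[IE_MAX_LEN];
};

/* VULNERABLE: trusts the length byte sent by the network side.
 * A rogue cell can send len > IE_MAX_LEN, so memcpy writes past 'value'
 * into whatever follows the caller's struct on the stack (CWE-121), and
 * also reads past the end of the received message.
 * Returns the number of bytes consumed. */
int parse_ie_vulnerable(const uint8_t *msg, size_t msg_len, struct ie *out)
{
    if (msg_len < 2) return PARSE_TRUNCATED;
    out->tag = msg[0];
    out->len = msg[1];                      /* attacker-controlled */
    memcpy(out->value, msg + 2, out->len);  /* no bound check on len */
    return 2 + out->len;
}

/* HARDENED: the network-supplied length is checked against the
 * destination capacity and against the bytes actually present
 * before a single byte is copied. */
int parse_ie_hardened(const uint8_t *msg, size_t msg_len, struct ie *out)
{
    if (msg_len < 2) return PARSE_TRUNCATED;
    size_t len = msg[1];
    if (len > IE_MAX_LEN) return PARSE_TOO_LONG;     /* bound by destination */
    if (len > msg_len - 2) return PARSE_TRUNCATED;   /* bound by source */
    out->tag = msg[0];
    out->len = (uint8_t)len;
    memcpy(out->value, msg + 2, len);
    return (int)(2 + len);
}

/* Walk a message made of concatenated IEs with the hardened parser.
 * Returns the number of IEs decoded, or the negative status of the
 * first malformed IE (processing stops there instead of crashing). */
int parse_message_hardened(const uint8_t *msg, size_t msg_len)
{
    int count = 0;
    size_t off = 0;
    while (off < msg_len) {
        struct ie ie;   /* stack-resident destination, as in the vulnerable path */
        int r = parse_ie_hardened(msg + off, msg_len - off, &ie);
        if (r < 0) return r;
        off += (size_t)r;
        count++;
    }
    return count;
}

/* Constructed test vectors (not captured traffic). */
static const uint8_t BENIGN_MSG[] = { 0x01, 0x03, 0xAA, 0xBB, 0xCC,   /* IE 1: 3-byte value */
                                      0x02, 0x01, 0x7F };             /* IE 2: 1-byte value */
/* Claims a 200-byte value: the vulnerable parser would memcpy 200 bytes
 * into a 16-byte stack buffer and read far past the 4-byte message. */
static const uint8_t ROGUE_MSG[]  = { 0x01, 0xC8, 0xDE, 0xAD };
/* Length says 5 but only 2 value bytes follow. */
static const uint8_t TRUNC_MSG[]  = { 0x01, 0x05, 0x11, 0x22 };

int main(void)
{
    printf("benign: %d IEs decoded\n", parse_message_hardened(BENIGN_MSG, sizeof BENIGN_MSG));
    printf("rogue:  status %d\n",      parse_message_hardened(ROGUE_MSG,  sizeof ROGUE_MSG));
    printf("trunc:  status %d\n",      parse_message_hardened(TRUNC_MSG,  sizeof TRUNC_MSG));
    return 0;
}
```

The rogue vector is rejected with PARSE_TOO_LONG before any copy happens. The vulnerable parser is deliberately never fed that vector here: doing so is undefined behaviour in C and, on a real baseband, the crash the advisory describes. The two checks in the hardened version are the minimum a parser of network-supplied TLVs needs; a length that passes only one of them still lets an attacker either overflow the destination or over-read the source.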
Potential Impact
The direct impact is denial of service against devices with a vulnerable MediaTek modem: the modem crashes, which the user experiences as dropped calls and data, a device that appears unresponsive, or repeated modem or device resets for as long as the rogue cell is within range. Because the trigger is a message from the network side, one rogue base station can affect every vulnerable UE that attaches to it, with no action by users and no privileges on the device. For enterprises and service providers this means loss of availability for mobile endpoints; for deployments that depend on cellular connectivity without a fallback path (emergency services, telemetry and IoT fleets, cellular-connected industrial control equipment) it can mean operational interruption. The vulnerability has no confidentiality or integrity impact on its own, but in general an attacker who can reliably knock a UE off the legitimate network gains a building block for other abuse, such as keeping the UE re-attaching to the rogue cell while it presents the strongest signal. MediaTek chipsets are common in budget and mid-range handsets and in IoT modules, so the exposed population is large, particularly in markets where those devices dominate. Organizations should weigh the operational and reputational cost of localized cellular outages accordingly.
Mitigation Recommendations
The only fix is the firmware update: ensure devices with the listed MediaTek chipsets run builds that include patch IDs MOLY01689259 / MOLY01586470, and treat devices whose vendor has not shipped those patches as still exposed. Because modem firmware is delivered inside the device vendor's or carrier's build, end users can only get the fix once those parties publish an update, so manufacturers and carriers should prioritize the over-the-air rollout. Until patched devices are in hand, the practical measures sit on the network and fleet side: operators can run rogue-cell detection (cells broadcasting identifiers absent from the operator's cell plan, unexpected frequencies, or signal strength out of line with neighbouring cells), and enterprises managing device fleets can watch for repeated modem resets or connectivity loss that clusters by location, which is how an active attack of this kind would present. Device-side controls are limited: the choice of cell is made by the baseband, not by the user or a management profile, and the advisory does not state which radio access technologies the flawed parser serves, so disabling 2G where the device supports it reduces exposure to rogue base stations in general but is not a confirmed mitigation for this CVE. For critical deployments, prefer devices with confirmed patched firmware, or with chipsets from vendors not on the affected list. Security teams should watch vendor and threat-intelligence feeds for exploitation reports and keep a response plan for localized cellular DoS. User education has little effect here, since the UE attaches to the rogue cell without the user's involvement; the mitigation burden rests with chipset vendors, device manufacturers and network operators working together.
Affected Countries
China, India, Indonesia, Vietnam, Philippines, Malaysia, Thailand, Brazil, Russia, South Africa, Mexico, Egypt, Turkey
Technical Details
- Data Version: 5.2
- Assigner Short Name: MediaTek
- Date Reserved: 2024-11-01T01:21:50.403Z
- CVSS Version: null
- State: PUBLISHED
Threat ID: 695c6e7a3839e44175bdd3d9
Added to database: 1/6/2026, 2:07:54 AM
Last enriched: 3/30/2026, 7:23:33 PM
Last updated: 5/9/2026, 11:58:28 AM