CVE-2025-20794: CWE-121 Stack Overflow in MediaTek, Inc. MT2735, MT2737, MT6813, MT6815, MT6833, MT6835, MT6853, MT6855, MT6873, MT6875, MT6877, MT6878, MT6879, MT6880, MT6883, MT6885, MT6886, MT6889, MT6890, MT6891, MT6893, MT6895, MT6896, MT6897, MT6899, MT6980, MT6983, MT6985, MT6986, MT6989, MT6990, MT6991, MT6993, MT8673, MT8675, MT8676, MT8678, MT8755, MT8771, MT8791, MT8791T, MT8792, MT8793, MT8795T, MT8797, MT8798, MT8863, MT8873, MT8883, MT8893
In Modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01689259 / MOLY01586470; Issue ID: MSV-4847.
AI Analysis
Technical Summary
CVE-2025-20794 is a stack overflow vulnerability classified under CWE-121 affecting a broad range of MediaTek modem chipsets (including MT2735 through MT8893 series). The vulnerability stems from improper input validation in the modem firmware when processing signals from base stations. An attacker operating a rogue base station can exploit this flaw by sending crafted signals to a User Equipment (UE) device containing the vulnerable MediaTek modem, causing a stack overflow that leads to a system crash and denial of service. The attack vector is remote with no privileges or user interaction required, increasing the risk of exploitation in environments where devices connect to untrusted or malicious base stations. The affected modem versions include NR15, NR16, NR17, and NR17R. The CVSS v3.1 score is 6.5 (medium severity) with an attack vector of adjacent network, low attack complexity, no privileges required, no user interaction, and impact limited to availability (device crash). Although no exploits have been observed in the wild, the vulnerability poses a significant risk to device availability, particularly in mobile networks. MediaTek has released patches identified as MOLY01689259 and MOLY01586470 to address this issue. The vulnerability’s scope covers a wide range of mobile devices using these chipsets, potentially affecting millions of users globally. The root cause is a classic stack buffer overflow due to insufficient input validation, which could be mitigated by improved input sanitization and bounds checking in modem firmware.
Potential Impact
For European organizations, the primary impact of CVE-2025-20794 is on availability. Devices using affected MediaTek modems may crash when connecting to rogue base stations, leading to service interruptions for end users. This can disrupt mobile communications, impacting critical sectors such as emergency services, financial institutions relying on mobile connectivity, and industrial IoT deployments. Telecom operators could face increased support costs and reputational damage if widespread exploitation occurs. The vulnerability could also be leveraged in targeted denial-of-service campaigns against specific users or geographic areas by deploying rogue base stations. Although confidentiality and integrity are not directly affected, the loss of availability in mobile devices can have cascading effects on business continuity and operational resilience. European enterprises with BYOD policies or mobile workforce using vulnerable devices are at risk of productivity loss. The lack of required user interaction or privileges makes the attack easier to execute in hostile environments, such as public spaces or border regions. The broad range of affected chipsets increases the potential attack surface across multiple device manufacturers and models.
Mitigation Recommendations
1. Deploy the official patches from MediaTek (MOLY01689259 / MOLY01586470) as soon as they become available for affected devices.
2. Telecom operators should implement network monitoring to detect and block rogue base stations, using anomaly detection and signal fingerprinting techniques.
3. End users and enterprises should update device firmware and baseband software regularly to incorporate security fixes.
4. Organizations should enforce strict mobile device management (MDM) policies to control device updates and monitor device health.
5. Consider deploying network access control (NAC) solutions that can identify suspicious network behavior indicative of rogue base stations.
6. Educate users about the risks of connecting to untrusted networks and encourage the use of VPNs or secure communication channels.
7. Collaborate with mobile network providers to share threat intelligence related to rogue base station activity.
8. For critical infrastructure, implement redundancy and failover mechanisms to mitigate potential service disruptions caused by device crashes.
9. Conduct penetration testing and red team exercises simulating rogue base station attacks to assess organizational readiness.
10. Maintain an inventory of devices with affected MediaTek chipsets to prioritize patching and monitoring efforts.
Affected Countries
Germany, France, United Kingdom, Italy, Spain, Netherlands, Sweden, Poland, Belgium, Austria
Technical Details
- Data Version: 5.2
- Assigner Short Name: MediaTek
- Date Reserved: 2024-11-01T01:21:50.403Z
- Cvss Version: null
- State: PUBLISHED
Threat ID: 695c6e7a3839e44175bdd3d9
Added to database: 1/6/2026, 2:07:54 AM
Last enriched: 2/18/2026, 8:55:38 AM
Last updated: 3/25/2026, 2:52:03 AM