Details of VAR-202503-2229

ID

VAR-202503-2229

CVE

CVE-2025-20647

TITLE

media tech's NR12A In multiple products such as NULL Pointer dereference vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2025-024572

DESCRIPTION

In Modem, there is a possible system crash due to a missing bounds check. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY00791311 / MOLY01067019; Issue ID: MSV-2721. ID teeth MOLY00791311 and MOLY01067019 And the problem ID teeth MSV-2721 is.Information handled by the software will not be leaked to the outside. Information handled by the software will not be rewritten. In addition, the software may stop functioning completely. Furthermore, attacks that exploit this vulnerability will not affect other software

Trust: 1.62

sources: NVD: CVE-2025-20647 // JVNDB: JVNDB-2025-024572

AFFECTED PRODUCTS

vendor:	mediatek	model:	nr12a	scope:	eq	version:	-	Trust: 1.0
vendor:	mediatek	model:	nr13	scope:	eq	version:	-	Trust: 1.0
vendor:	mediatek	model:	nr15	scope:	eq	version:	-	Trust: 1.0
vendor:	mediatek	model:	nr16	scope:	eq	version:	-	Trust: 1.0
vendor:	メディアテック	model:	nr16	scope:	-	version:	-	Trust: 0.8
vendor:	メディアテック	model:	nr12a	scope:	-	version:	-	Trust: 0.8
vendor:	メディアテック	model:	nr15	scope:	-	version:	-	Trust: 0.8
vendor:	メディアテック	model:	nr13	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2025-024572 // NVD: CVE-2025-20647

CVSS

SEVERITY

CVSSV2

CVSSV3

134c704f-9b21-4f2e-91b3-4a467353bcc0:	CVE-2025-20647
value:	HIGH
Trust: 1.0
OTHER:	JVNDB-2025-024572
value:	HIGH
Trust: 0.8

134c704f-9b21-4f2e-91b3-4a467353bcc0:	CVE-2025-20647
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.1
Trust: 1.0
OTHER:	JVNDB-2025-024572
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: JVNDB: JVNDB-2025-024572 // NVD: CVE-2025-20647

PROBLEMTYPE DATA

problemtype:	CWE-476	Trust: 1.0
problemtype:	NULL Pointer dereference (CWE-476) [ others ]	Trust: 0.8

sources: JVNDB: JVNDB-2025-024572 // NVD: CVE-2025-20647

PATCH

title:

March 2025

url:

https://corp.mediatek.com/product-security-bulletin/March-2025

Trust: 0.8

sources: JVNDB: JVNDB-2025-024572

EXTERNAL IDS

db:	NVD	id:	CVE-2025-20647	Trust: 2.6
db:	JVNDB	id:	JVNDB-2025-024572	Trust: 0.8

sources: JVNDB: JVNDB-2025-024572 // NVD: CVE-2025-20647

REFERENCES

url:	https://corp.mediatek.com/product-security-bulletin/march-2025	Trust: 1.0
url:	https://nvd.nist.gov/vuln/detail/cve-2025-20647	Trust: 0.8

sources: JVNDB: JVNDB-2025-024572 // NVD: CVE-2025-20647

SOURCES

db:	JVNDB	id:	JVNDB-2025-024572
db:	NVD	id:	CVE-2025-20647

LAST UPDATE DATE

2026-01-16T23:07:53.601000+00:00

SOURCES UPDATE DATE

db:	JVNDB	id:	JVNDB-2025-024572	date:	2026-01-14T07:36:00
db:	NVD	id:	CVE-2025-20647	date:	2026-01-12T16:02:25.730

SOURCES RELEASE DATE

db:	JVNDB	id:	JVNDB-2025-024572	date:	2026-01-14T00:00:00
db:	NVD	id:	CVE-2025-20647	date:	2025-03-03T03:15:09.510