Sign-up

ID

VAR-202512-0754


CVE

CVE-2025-20758


DESCRIPTION

In Modem, there is a possible system crash due to an uncaught exception. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01673755; Issue ID: MSV-4647.

Trust: 1.0

sources: NVD: CVE-2025-20758

AFFECTED PRODUCTS

vendor:mediatekmodel:nr17scope:eqversion: -

Trust: 1.0

vendor:mediatekmodel:nr17rscope:eqversion: -

Trust: 1.0

vendor:mediatekmodel:nr16scope:eqversion: -

Trust: 1.0

vendor:mediatekmodel:nr15scope:eqversion: -

Trust: 1.0

sources: NVD: CVE-2025-20758

CVSS

SEVERITY

CVSSV2

CVSSV3

134c704f-9b21-4f2e-91b3-4a467353bcc0: CVE-2025-20758
value: MEDIUM

Trust: 1.0

134c704f-9b21-4f2e-91b3-4a467353bcc0: CVE-2025-20758
baseSeverity: MEDIUM
baseScore: 4.9
vectorString: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 1.2
impactScore: 3.6
version: 3.1

Trust: 1.0

sources: NVD: CVE-2025-20758

PROBLEMTYPE DATA

problemtype:CWE-248

Trust: 1.0

sources: NVD: CVE-2025-20758

EXTERNAL IDS

db:NVDid:CVE-2025-20758

Trust: 1.0

sources: NVD: CVE-2025-20758

REFERENCES

url:https://corp.mediatek.com/product-security-bulletin/december-2025

Trust: 1.0

sources: NVD: CVE-2025-20758

SOURCES

db:NVDid:CVE-2025-20758

LAST UPDATE DATE

2025-12-19T23:00:11.066000+00:00


SOURCES UPDATE DATE

db:NVDid:CVE-2025-20758date:2025-12-03T21:37:31.440

SOURCES RELEASE DATE

db:NVDid:CVE-2025-20758date:2025-12-02T03:16:17.187