Details of VAR-202601-0137

ID

VAR-202601-0137

CVE

CVE-2025-20761

TITLE

media tech's NR15 Vulnerabilities related to checking exceptional conditions in multiple products, such as

Trust: 0.8

sources: JVNDB: JVNDB-2026-001088

DESCRIPTION

In Modem, there is a possible system crash due to incorrect error handling. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01311265; Issue ID: MSV-4655. UE If it connects, it could allow a remote denial of service ( DoS ) attacks can occur. Patch ID teeth MOLY01311265 and the challenges ID teeth MSV-4655 is.Information handled by the software will not be leaked to the outside. Information handled by the software will not be rewritten. In addition, the software may stop functioning completely. Furthermore, attacks that exploit this vulnerability will not affect other software

Trust: 1.62

sources: NVD: CVE-2025-20761 // JVNDB: JVNDB-2026-001088

AFFECTED PRODUCTS

vendor:	mediatek	model:	nr17	scope:	eq	version:	-	Trust: 1.0
vendor:	mediatek	model:	nr16	scope:	eq	version:	-	Trust: 1.0
vendor:	mediatek	model:	nr15	scope:	eq	version:	-	Trust: 1.0
vendor:	メディアテック	model:	nr16	scope:	-	version:	-	Trust: 0.8
vendor:	メディアテック	model:	nr15	scope:	-	version:	-	Trust: 0.8
vendor:	メディアテック	model:	nr17	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2026-001088 // NVD: CVE-2025-20761

CVSS

SEVERITY

CVSSV2

CVSSV3

134c704f-9b21-4f2e-91b3-4a467353bcc0:	CVE-2025-20761
value:	HIGH
Trust: 1.0
OTHER:	JVNDB-2026-001088
value:	HIGH
Trust: 0.8

134c704f-9b21-4f2e-91b3-4a467353bcc0:	CVE-2025-20761
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.1
Trust: 1.0
OTHER:	JVNDB-2026-001088
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: JVNDB: JVNDB-2026-001088 // NVD: CVE-2025-20761

PROBLEMTYPE DATA

problemtype:	CWE-754	Trust: 1.0
problemtype:	Improper checking in exceptional conditions (CWE-754) [ others ]	Trust: 0.8

sources: JVNDB: JVNDB-2026-001088 // NVD: CVE-2025-20761

PATCH

title:

January 2026

url:

https://corp.mediatek.com/product-security-bulletin/January-2026

Trust: 0.8

sources: JVNDB: JVNDB-2026-001088

EXTERNAL IDS

db:	NVD	id:	CVE-2025-20761	Trust: 2.6
db:	JVNDB	id:	JVNDB-2026-001088	Trust: 0.8

sources: JVNDB: JVNDB-2026-001088 // NVD: CVE-2025-20761

REFERENCES

url:	https://corp.mediatek.com/product-security-bulletin/january-2026	Trust: 1.0
url:	https://nvd.nist.gov/vuln/detail/cve-2025-20761	Trust: 0.8

sources: JVNDB: JVNDB-2026-001088 // NVD: CVE-2025-20761

SOURCES

db:	JVNDB	id:	JVNDB-2026-001088
db:	NVD	id:	CVE-2025-20761

LAST UPDATE DATE

2026-01-16T22:48:29.802000+00:00

SOURCES UPDATE DATE

db:	JVNDB	id:	JVNDB-2026-001088	date:	2026-01-13T05:54:00
db:	NVD	id:	CVE-2025-20761	date:	2026-01-08T19:25:51.847

SOURCES RELEASE DATE

db:	JVNDB	id:	JVNDB-2026-001088	date:	2026-01-13T00:00:00
db:	NVD	id:	CVE-2025-20761	date:	2026-01-06T02:15:41.680