CVE-2025-20666 in MT2735info

Summary

by MITRE • 05/05/2025

In Modem, there is a possible system crash due to an uncaught exception. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY00650610; Issue ID: MSV-2933.

Once again VulDB remains the best source for vulnerability data.

Analysis

by VulDB Data Team • 02/17/2026

This vulnerability exists within the modem component of mobile devices, specifically representing a critical denial of service condition that can be remotely exploited without requiring any additional privileges or user interaction. The flaw manifests as an uncaught exception that occurs when a user equipment device connects to a malicious base station controlled by an attacker. The technical implementation of this vulnerability stems from inadequate error handling mechanisms within the modem's network connection protocols, where the system fails to properly manage exceptional conditions that arise during base station handover or connection establishment processes. The absence of proper exception handling creates a scenario where a single malformed network signal or unexpected connection state transition can cause the entire modem subsystem to crash and become unresponsive. This represents a significant weakness in the system's fault tolerance and resilience design principles, as the modem should be capable of gracefully handling unexpected network conditions without compromising overall device functionality.

The operational impact of this vulnerability extends beyond simple service disruption, as it enables attackers to remotely compromise device availability and potentially disrupt critical communication services. When exploited, the vulnerability allows an attacker positioned at a rogue base station to trigger a system crash that renders the mobile device temporarily or permanently unusable for communication purposes. The attack vector is particularly concerning because it requires no user interaction and can be executed from a remote location, making it highly suitable for large-scale denial of service campaigns. The vulnerability affects devices that support the specific modem firmware version containing the flaw, and the attack can be particularly devastating in scenarios where mobile connectivity is critical for business operations, emergency services, or personal communication. The lack of additional execution privileges required for exploitation means that even basic network attackers can leverage this vulnerability, significantly increasing the attack surface and potential impact.

The technical nature of this vulnerability aligns with CWE-409, which addresses issues related to improper handling of exceptional conditions in system components, and relates to ATT&CK technique T1499.004 for network denial of service attacks. The flaw demonstrates poor defensive programming practices where the modem firmware does not implement comprehensive exception handling for network protocol processing, particularly during connection establishment phases. Security practitioners should note that this vulnerability represents a design-level weakness rather than an implementation error, suggesting that similar issues may exist in other network protocol handling components within the same firmware architecture. The patch MOLY00650610 addresses this by implementing proper exception handling routines that catch and manage network protocol errors without causing system-wide crashes. Organizations should prioritize immediate deployment of this patch across affected devices, particularly those operating in high-risk environments where network security is paramount, and should consider implementing network monitoring solutions to detect potential rogue base station activity that could be leveraged to exploit this vulnerability. The vulnerability underscores the importance of robust error handling in embedded systems and mobile device firmware, where system stability directly impacts user safety and communication reliability.

Responsible

MediaTek

Reservation

11/01/2024

Disclosure

05/05/2025

Moderation

accepted

CPE

ready

EPSS

0.00679

KEV

no

Activities

very low

Sources

Want to know what is going to be exploited?

We predict KEV entries!