CVE-2025-20647
MEDIUMCVSS Vector
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Lifecycle Timeline
2Description
In Modem, there is a possible system crash due to a missing bounds check. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY00791311 / MOLY01067019; Issue ID: MSV-2721.
Analysis
In Modem, there is a possible system crash due to a missing bounds check. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Technical Context
This vulnerability is classified as NULL Pointer Dereference (CWE-476), which allows attackers to crash the application by dereferencing a null pointer. In Modem, there is a possible system crash due to a missing bounds check. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY00791311 / MOLY01067019; Issue ID: MSV-2721. Affected products include: Mediatek Nr12A, Mediatek Nr13, Mediatek Nr15, Mediatek Nr16.
Affected Products
Mediatek Nr12A, Mediatek Nr13, Mediatek Nr15, Mediatek Nr16.
Remediation
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Check pointers before dereferencing. Use static analysis tools to detect null pointer paths.
Priority Score
Share
External POC / Exploit Code
Leaving vuln.today