How to fix CVE-2025-20659?

Within 30 days: Identify affected systems and apply vendor patches as part of regular patch cycle. Monitor vendor channels for patch availability.

Is Mt2735 Firmware affected by CVE-2025-20659?

CVE-2025-20659 presents notable security risk, a out-of-bounds read vulnerability rated CVSS 6.5. Exploitation could cause memory corruption or application crashes. Organizations should apply vendor updates when available and monitor for exploitation.

CVE-2025-20659

MEDIUM

2025-04-07 [email protected]

Information Disclosure Buffer Overflow Denial Of Service Mt2735 Firmware Mt2737 Firmware Mt6739 Firmware Mt6761 Firmware Mt6762 Firmware Mt6762D Firmware Mt6762M Firmware Mt6763 Firmware Mt6765 Firmware Mt6765T Firmware Mt6767 Firmware Mt6768 Firmware Mt6769 Firmware Mt6769K Firmware Mt6769S Firmware Mt6769T Firmware Mt6769Z Firmware Mt6771 Firmware Mt6779 Firmware Mt6781 Firmware Mt6783 Firmware Mt6785 Firmware Mt6785T Firmware Mt6785U Firmware Mt6789 Firmware Mt6813 Firmware Mt6833 Firmware Mt6833P Firmware Mt6835 Firmware Mt6835T Firmware Mt6853 Firmware Mt6853T Firmware Mt6855 Firmware Mt6855T Firmware Mt6873 Firmware Mt6875 Firmware Mt6875T Firmware Mt6877 Firmware Mt6877T Firmware Mt6877Tt Firmware Mt6878 Firmware Mt6878M Firmware Mt6879 Firmware Mt6880 Firmware Mt6883 Firmware Mt6885 Firmware Mt6886 Firmware Mt6889 Firmware Mt6890 Firmware Mt6891 Firmware Mt6893 Firmware Mt6895 Firmware Mt6895Tt Firmware Mt6896 Firmware Mt6897 Firmware Mt6899 Firmware Mt6980 Firmware Mt6980D Firmware Mt6983 Firmware Mt6983T Firmware Mt6985 Firmware Mt6985T Firmware Mt6989 Firmware Mt6989T Firmware Mt6990 Firmware Mt6991 Firmware Mt8666 Firmware Mt8667 Firmware Mt8673 Firmware Mt8675 Firmware Mt8676 Firmware Mt8678 Firmware Mt8765 Firmware Mt8766 Firmware Mt8768 Firmware Mt8771 Firmware Mt8781 Firmware Mt8786 Firmware Mt8788 Firmware Mt8788E Firmware Mt8791T Firmware Mt8796 Firmware Mt8797 Firmware Mt8798 Firmware Mt8863 Firmware

6.5

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Attack Vector

Adjacent

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

Lifecycle Timeline

Analysis Generated

Mar 28, 2026 - 18:35 vuln.today

CVE Published

Apr 07, 2025 - 04:15 nvd

MEDIUM 6.5

DescriptionNVD

In Modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01519028; Issue ID: MSV-2768.

AnalysisAI

In Modem, there is a possible system crash due to improper input validation. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified as Out-of-bounds Read (CWE-125), which allows attackers to read data from memory outside the intended buffer boundaries. In Modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01519028; Issue ID: MSV-2768. Affected products include: Mediatek Mt2735 Firmware, Mediatek Mt2737 Firmware, Mediatek Mt6739 Firmware, Mediatek Mt6761 Firmware, Mediatek Mt6762 Firmware.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Validate array indices and buffer lengths. Use memory-safe languages. Enable AddressSanitizer during testing.

CVE-2025-20659 vulnerability details – vuln.today

Back

CVE-2025-20659

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

Technical ContextAI

RemediationAI

Share

External POC / Exploit Code