MediaTek recently published a critical security bulletin addressing a number of vulnerabilities across its latest modem chipsets, urging device OEMs to deploy updates immediately.
The bulletin, issued two months after confidential OEM notification, confirms that no known in-the-wild exploits have been detected to date.
Key Takeaways
1. MediaTek patched high- and medium-severity modem and firmware bugs across 60+ chipsets.
2. OEMs received fixes in July; update Modem NR and BSP now.
3. No exploitation detected.
High-Severity Out-of-Bounds Flaws
Three high-severity flaws, rated under the Common Vulnerability Scoring System version 3.1 (CVSS v3.1), affect the Modem firmware on dozens of MediaTek chipsets.
CVE-2025-20708: An out-of-bounds write (CWE-787) in the Modem's buffer-validation logic permits remote privilege escalation when a user equipment (UE) connects to a rogue base station.
No user interaction is required to trigger the vulnerability. Affected chipsets include MT6813, MT6833, MT6855, MT8873, MT8893, and over 60 more models running Modem NR15–NR17R software versions.
CVE-2025-20703: An out-of-bounds read (CWE-125) in the same Modem component permits remote denial of service under similar conditions and with no user interaction.
Impacted silicon spans MT2735, MT6789, MT6893, MT8678, MT8791T, MT8883, among others, all on NR15–NR17R releases.
CVE-2025-20704: A second out-of-bounds write (CWE-787) stemming from a missing bounds check can likewise yield remote privilege escalation, although user interaction is required for exploitation.
The flaw affects a subset of chipsets (MT6835T, MT6899, MT6991, MT8676, MT8792, and a dozen more) running Modem NR17 and NR17R builds.
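The two write bugs above share the pattern the bulletin describes: a length taken from an over-the-air message reaches a copy into a fixed-size buffer without a bounds check. The following is an added, generic illustration of that pattern and its fix in C. It is not MediaTek's modem code, the message layout, field names, sizes and return codes are assumptions made for the example, and the three sample messages are constructed inline.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed example: a generic type-length-value information element
 * such as a rogue base station could place in an over-the-air message.
 * Layout, names and sizes are assumptions for illustration; this is not
 * MediaTek's modem code and not the format behind any CVE in the bulletin. */
#define IE_VALUE_MAX 16

struct ie_record {
    uint8_t type;
    uint8_t len;                 /* length field, attacker-controlled */
    uint8_t value[IE_VALUE_MAX]; /* fixed-size destination buffer */
};

/* Vulnerable pattern (CWE-787): the length is trusted straight from the
 * air interface. When len > IE_VALUE_MAX, memcpy writes past value[]
 * into whatever follows the record. Kept only for comparison; never
 * call it on untrusted input. */
int ie_parse_unchecked(const uint8_t *msg, size_t msg_len, struct ie_record *out)
{
    if (msg_len < 2)
        return -1;
    out->type = msg[0];
    out->len = msg[1];
    /* BUG: no check against sizeof out->value or against msg_len. */
    memcpy(out->value, msg + 2, out->len);
    return 0;
}

/* Hardened parser: every attacker-derived length is checked against the
 * destination capacity (prevents the OOB write) and against the bytes
 * actually present in the message (prevents an OOB read, CWE-125). */
int ie_parse_checked(const uint8_t *msg, size_t msg_len, struct ie_record *out)
{
    if (msg == NULL || out == NULL || msg_len < 2)
        return -1;
    uint8_t len = msg[1];
    if (len > IE_VALUE_MAX)
        return -2; /* would overflow value[] */
    if ((size_t)len > msg_len - 2)
        return -3; /* would read beyond the received message */
    out->type = msg[0];
    out->len = len;
    memcpy(out->value, msg + 2, len);
    memset(out->value + len, 0, IE_VALUE_MAX - len); /* no stale bytes */
    return 0;
}

/* Constructed messages: one well-formed, one whose length field exceeds
 * the destination, one whose length claims more bytes than were received. */
static const uint8_t good_msg[]      = { 0x21, 0x04, 0xDE, 0xAD, 0xBE, 0xEF };
static const uint8_t oversized_msg[] = { 0x21, 0xFF, 0x41, 0x41 };
static const uint8_t truncated_msg[] = { 0x21, 0x08, 0x41, 0x41 };

int demo_accepts_valid(struct ie_record *out)
{
    return ie_parse_checked(good_msg, sizeof good_msg, out);
}

int demo_rejects_oversized(struct ie_record *out)
{
    return ie_parse_checked(oversized_msg, sizeof oversized_msg, out);
}

int demo_rejects_truncated(struct ie_record *out)
{
    return ie_parse_checked(truncated_msg, sizeof truncated_msg, out);
}

int main(void)
{
    struct ie_record rec;
    int rc = demo_accepts_valid(&rec);
    printf("valid message:     rc=%d type=0x%02X len=%u\n", rc, rec.type, rec.len);
    printf("oversized length:  rc=%d\n", demo_rejects_oversized(&rec));
    printf("truncated message: rc=%d\n", demo_rejects_truncated(&rec));
    /* ie_parse_unchecked(oversized_msg, ...) is deliberately not run: it
     * would copy 255 bytes into a 16-byte field. */
    return 0;
}
```

The point of the two separate checks is that a single length field can cause both bug classes named in the bulletin: comparing it only to the destination size leaves an out-of-bounds read when the message is shorter than claimed, and comparing it only to the message size leaves the write.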
Medium-Severity Memory Corruption Flaws
Three medium-severity use-after-free bugs (CWE-416) reside in the monitor_hang, mbrain, and geniezone modules of the chipset firmware:
CVE-2025-20705 (“monitor_hang uaf”): A use-after-free error could enable local privilege escalation for attackers who already possess System privileges.
Affected chipsets range broadly from MT2718 to MT8796 across Android 13–16, OpenWRT 19.07/21.02, and Yocto 2.6 releases.
CVE-2025-20706 (“mbrain uaf”): Similar memory corruption in the mbrain task scheduler on MT6899, MT6989, MT6991, MT8676, and MT8678 running Android 14–15 may lead to local code execution.
CVE-2025-20707 (“geniezone uaf”): A flaw in the geniezone service can lead to memory corruption under local privilege conditions on MT2718, MT6853, MT8792, MT8883, and other models across Android 13–15.
CVE | Title | Severity
--- | --- | ---
CVE-2025-20708 | Out-of-bounds write in Modem | High
CVE-2025-20703 | Out-of-bounds read in Modem | High
CVE-2025-20704 | Out-of-bounds write in Modem | High
CVE-2025-20705 | Use after free in monitor_hang | Medium
CVE-2025-20706 | Use after free in mbrain | Medium
CVE-2025-20707 | Use after free in geniezone | Medium
All vulnerabilities were discovered through external security research, except CVE-2025-20704, which was identified by internal validation teams.
OEM partners have had the patches since July, and final firmware images incorporating these fixes will begin rolling out immediately.
MediaTek reminds integrators to upgrade their Modem NR and Android BSP versions to mitigate the risk.