SBA Security Advisory – Null pointer dereference in MediaTek Modem (CVE-2025-20647)

Vulnerability Overview

In the MediaTek modem, there is a possible system crash due to a missing bounds check. This could lead to remote denial of service if a UE (user equipment) has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation.

  • Type of Vulnerability: Denial of Service
  • Fixed with: Patch ID: MOLY00791311 / MOLY01067019; Issue ID: MSV-2721
  • CVE ID: CVE-2025-20647
  • Severity: Medium

Recommended Countermeasure

If possible, apply the patch with Patch ID: MOLY00791311 / MOLY01067019; Issue ID: MSV-2721.

Links

Chipsets
MediaTek Security Bulletin March 2025
MediaTek security acknowledges
Blog entry sipgate
CVE-2025-20647

Credits

Denis Kollar (sipgate)
Hendrik Wedhorn (sipgate)
Jannik Volkland (sipgate)
Viktor Garske (ISMK)
Gabriel Gegenhuber (SBA Research and University of Vienna)
Michael Pucher (University of Vienna)