SecuriTricks - CVE-2025-20725

Description

In ims service, there is a possible out of bounds write due to a missing bounds check. This could lead to remote escalation of privilege, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01671924; Issue ID: MSV-4620.

Product(s) Impacted

Vendor	Product	Versions
Mediatek	Lr12a Nr15 Nr16 Mt2735 Mt2737 Mt6739 Mt6761 Mt6762 Mt6762d Mt6762m Mt6763 Mt6765 Mt6765t Mt6767 Mt6768 Mt6769 Mt6769k Mt6769s Mt6769t Mt6769z Mt6771 Mt6833 Mt6833p Mt6853 Mt6853t Mt6855 Mt6855t Mt6873 Mt6875 Mt6875t Mt6877 Mt6877t Mt6877tt Mt6879 Mt6880 Mt6883 Mt6885 Mt6886 Mt6889 Mt6890 Mt6891 Mt6893 Mt6895 Mt6895tt Mt6896 Mt6980 Mt6980d Mt6983 Mt6983t Mt6985 Mt6985t Mt6989 Mt6989t Mt6990 Mt8666 Mt8667 Mt8673 Mt8675 Mt8765 Mt8766 Mt8766r Mt8768 Mt8771 Mt8786 Mt8788 Mt8788e Mt8791 Mt8791t Mt8795t Mt8797 Mt8798 Mt8893	- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Weaknesses

Common security weaknesses mapped to this vulnerability.

CWE-787

Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

*CPE(s)

Affected systems and software identified for this CVE.

Type	Vendor	Product	Version	Update	Edition	Language	Software Edition	Target Software	Target Hardware	Other Information
o	mediatek	lr12a	-	/	/	/	/	/	/	/
o	mediatek	nr15	-	/	/	/	/	/	/	/
o	mediatek	nr16	-	/	/	/	/	/	/	/
h	mediatek	mt2735	-	/	/	/	/	/	/	/
h	mediatek	mt2737	-	/	/	/	/	/	/	/
h	mediatek	mt6739	-	/	/	/	/	/	/	/
h	mediatek	mt6761	-	/	/	/	/	/	/	/
h	mediatek	mt6762	-	/	/	/	/	/	/	/
h	mediatek	mt6762d	-	/	/	/	/	/	/	/
h	mediatek	mt6762m	-	/	/	/	/	/	/	/
h	mediatek	mt6763	-	/	/	/	/	/	/	/
h	mediatek	mt6765	-	/	/	/	/	/	/	/
h	mediatek	mt6765t	-	/	/	/	/	/	/	/
h	mediatek	mt6767	-	/	/	/	/	/	/	/
h	mediatek	mt6768	-	/	/	/	/	/	/	/
h	mediatek	mt6769	-	/	/	/	/	/	/	/
h	mediatek	mt6769k	-	/	/	/	/	/	/	/
h	mediatek	mt6769s	-	/	/	/	/	/	/	/
h	mediatek	mt6769t	-	/	/	/	/	/	/	/
h	mediatek	mt6769z	-	/	/	/	/	/	/	/
h	mediatek	mt6771	-	/	/	/	/	/	/	/
h	mediatek	mt6833	-	/	/	/	/	/	/	/
h	mediatek	mt6833p	-	/	/	/	/	/	/	/
h	mediatek	mt6853	-	/	/	/	/	/	/	/
h	mediatek	mt6853t	-	/	/	/	/	/	/	/
h	mediatek	mt6855	-	/	/	/	/	/	/	/
h	mediatek	mt6855t	-	/	/	/	/	/	/	/
h	mediatek	mt6873	-	/	/	/	/	/	/	/
h	mediatek	mt6875	-	/	/	/	/	/	/	/
h	mediatek	mt6875t	-	/	/	/	/	/	/	/
h	mediatek	mt6877	-	/	/	/	/	/	/	/
h	mediatek	mt6877t	-	/	/	/	/	/	/	/
h	mediatek	mt6877tt	-	/	/	/	/	/	/	/
h	mediatek	mt6879	-	/	/	/	/	/	/	/
h	mediatek	mt6880	-	/	/	/	/	/	/	/
h	mediatek	mt6883	-	/	/	/	/	/	/	/
h	mediatek	mt6885	-	/	/	/	/	/	/	/
h	mediatek	mt6886	-	/	/	/	/	/	/	/
h	mediatek	mt6889	-	/	/	/	/	/	/	/
h	mediatek	mt6890	-	/	/	/	/	/	/	/
h	mediatek	mt6891	-	/	/	/	/	/	/	/
h	mediatek	mt6893	-	/	/	/	/	/	/	/
h	mediatek	mt6895	-	/	/	/	/	/	/	/
h	mediatek	mt6895tt	-	/	/	/	/	/	/	/
h	mediatek	mt6896	-	/	/	/	/	/	/	/
h	mediatek	mt6980	-	/	/	/	/	/	/	/
h	mediatek	mt6980d	-	/	/	/	/	/	/	/
h	mediatek	mt6983	-	/	/	/	/	/	/	/
h	mediatek	mt6983t	-	/	/	/	/	/	/	/
h	mediatek	mt6985	-	/	/	/	/	/	/	/
h	mediatek	mt6985t	-	/	/	/	/	/	/	/
h	mediatek	mt6989	-	/	/	/	/	/	/	/
h	mediatek	mt6989t	-	/	/	/	/	/	/	/
h	mediatek	mt6990	-	/	/	/	/	/	/	/
h	mediatek	mt8666	-	/	/	/	/	/	/	/
h	mediatek	mt8667	-	/	/	/	/	/	/	/
h	mediatek	mt8673	-	/	/	/	/	/	/	/
h	mediatek	mt8675	-	/	/	/	/	/	/	/
h	mediatek	mt8765	-	/	/	/	/	/	/	/
h	mediatek	mt8766	-	/	/	/	/	/	/	/
h	mediatek	mt8766r	-	/	/	/	/	/	/	/
h	mediatek	mt8768	-	/	/	/	/	/	/	/
h	mediatek	mt8771	-	/	/	/	/	/	/	/
h	mediatek	mt8786	-	/	/	/	/	/	/	/
h	mediatek	mt8788	-	/	/	/	/	/	/	/
h	mediatek	mt8788e	-	/	/	/	/	/	/	/
h	mediatek	mt8791	-	/	/	/	/	/	/	/
h	mediatek	mt8791t	-	/	/	/	/	/	/	/
h	mediatek	mt8795t	-	/	/	/	/	/	/	/
h	mediatek	mt8797	-	/	/	/	/	/	/	/
h	mediatek	mt8798	-	/	/	/	/	/	/	/
h	mediatek	mt8893	-	/	/	/	/	/	/	/

References

https://corp.mediatek.com/product-security-bulletin/November-2025

CVSS Score

7.5 / 10

CVSS Data - 3.1

Attack Vector: NETWORK
Attack Complexity: HIGH
Privileges Required: LOW
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

View Vector String

Timeline

Published: Nov. 4, 2025, 7:15 a.m.
Last Modified: Nov. 5, 2025, 5:16 p.m.

Status : Analyzed

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

security@mediatek.com

CVE-2025-20725