Modem Uncaught Exception -> Remote DoS via Rogue Base Station
CVE-2025-20666 Published on May 5, 2025

In Modem, there is a possible system crash due to an uncaught exception. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY00650610; Issue ID: MSV-2933.

NVD

Vulnerability Analysis

Attack Vector:
ADJACENT_NETWORK
Attack Complexity:
LOW
Privileges Required:
NONE
User Interaction:
NONE
Scope:
UNCHANGED
Confidentiality Impact:
NONE
Integrity Impact:
NONE
Availability Impact:
HIGH

Weakness Type

What is an assertion failure Vulnerability?

The product contains an assert() or similar statement that can be triggered by an attacker, which leads to an application exit or other behavior that is more severe than necessary.

CVE-2025-20666 has been classified to as an assertion failure vulnerability or weakness.


Products Associated with CVE-2025-20666

You can be notified by email with stack.watch whenever vulnerabilities like CVE-2025-20666 are published in these products:

Google Android
 
MediaTek Lr15
 
MediaTek Nr15
 
MediaTek Mt6855
 

Affected Versions

MediaTek, Inc. MT2735, MT6833, MT6833P, MT6853, MT6853T, MT6855, MT6855T, MT6873, MT6875, MT6875T, MT6877, MT6877T, MT6877TT, MT6880, MT6883, MT6885, MT6889, MT6890, MT6891, MT6893, MT8666, MT8667, MT8673, MT8675, MT8771, MT8791, MT8791T, MT8795T, MT8797, MT8798 Version Modem NR15 is affected by CVE-2025-20666

Exploit Probability

EPSS
0.86%
Percentile
74.76%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.