Remote DoS in MediaTek Modem via Error Handling Crash
CVE-2025-20762 Published on January 6, 2026

In Modem, there is a possible system crash due to incorrect error handling. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01685181; Issue ID: MSV-4760.

NVD

Vulnerability Analysis

Attack Vector:
ADJACENT_NETWORK
Attack Complexity:
LOW
Privileges Required:
NONE
User Interaction:
NONE
Scope:
UNCHANGED
Confidentiality Impact:
NONE
Integrity Impact:
NONE
Availability Impact:
HIGH

Weakness Type

What is an assertion failure Vulnerability?

The product contains an assert() or similar statement that can be triggered by an attacker, which leads to an application exit or other behavior that is more severe than necessary.

CVE-2025-20762 has been classified to as an assertion failure vulnerability or weakness.


Products Associated with CVE-2025-20762

Want to know whenever a new CVE is published for MediaTek Mt6835? stack.watch will email you.

MediaTek Mt6835
 

Affected Versions

MediaTek, Inc. MT6835, MT6835T, MT6878, MT6878M, MT6897, MT6899, MT6991, MT8676, MT8678, MT8755, MT8792, MT8793, MT8863, MT8873, MT8883 Version Modem NR17 is affected by CVE-2025-20762

Exploit Probability

EPSS
0.14%
Percentile
34.53%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.