Vulnerability Details CVE-2025-20704
In Modem, there is a possible out of bounds write due to a missing bounds check. This could lead to remote escalation of privilege, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: MOLY01516959; Issue ID: MSV-3502.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 35.5%
CVSS Severity
CVSS v3 Score 8.8
Products affected by CVE-2025-20704
-
cpe:2.3:h:mediatek:mt6813:-
-
cpe:2.3:h:mediatek:mt6835:-
-
cpe:2.3:h:mediatek:mt6835t:-
-
cpe:2.3:h:mediatek:mt6878:-
-
cpe:2.3:h:mediatek:mt6878m:-
-
cpe:2.3:h:mediatek:mt6897:-
-
cpe:2.3:h:mediatek:mt6899:-
-
cpe:2.3:h:mediatek:mt6991:-
-
cpe:2.3:h:mediatek:mt8676:-
-
cpe:2.3:h:mediatek:mt8678:-
-
cpe:2.3:h:mediatek:mt8792:-
-
cpe:2.3:h:mediatek:mt8863:-
-
cpe:2.3:h:mediatek:mt8873:-
-
cpe:2.3:h:mediatek:mt8883:-
-
cpe:2.3:o:mediatek:nr17:-
-
cpe:2.3:o:mediatek:nr17r:-