Vulnerability Description
In Modem, there is a possible information disclosure due to incorrect error handling. This could lead to remote information disclosure, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01513293; Issue ID: MSV-2741.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Mediatek | Lr12A | - |
| Mediatek | Lr13 | - |
| Mediatek | Nr15 | - |
| Mediatek | Nr16 | - |
| Mediatek | Nr17 | - |
| Mediatek | Nr17R | - |
| Mediatek | Mt2735 | - |
| Mediatek | Mt2737 | - |
| Mediatek | Mt6739 | - |
| Mediatek | Mt6761 | - |
| Mediatek | Mt6762 | - |
| Mediatek | Mt6762D | - |
| Mediatek | Mt6762M | - |
| Mediatek | Mt6763 | - |
| Mediatek | Mt6765 | - |
| Mediatek | Mt6765T | - |
| Mediatek | Mt6767 | - |
| Mediatek | Mt6768 | - |
| Mediatek | Mt6769 | - |
| Mediatek | Mt6769K | - |
Related Weaknesses (CWE)
References
- https://corp.mediatek.com/product-security-bulletin/May-2025Vendor Advisory
FAQ
What is CVE-2025-20667?
CVE-2025-20667 is a vulnerability with a CVSS score of 7.5 (HIGH). In Modem, there is a possible information disclosure due to incorrect error handling. This could lead to remote information disclosure, if a UE has connected to a rogue base station controlled by the ...
How severe is CVE-2025-20667?
CVE-2025-20667 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2025-20667?
Check the references section above for vendor advisories and patch information. Affected products include: Mediatek Lr12A, Mediatek Lr13, Mediatek Nr15, Mediatek Nr16, Mediatek Nr17.