CVE-2025-20670 - Vulnerability Details

In Modem, there is a possible permission bypass due to improper certificate validation. This could lead to remote information disclosure, if a UE has connected to a rogue base station controlled by the attacker, with User execution privileges needed. User interaction is needed for exploitation. Patch ID: MOLY01334347; Issue ID: MSV-2772.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Mediatek	Mt2737 Mt6813 Mt6835 Mt6835t Mt6878 Mt6878m Mt6879 Mt6886 Mt6895 Mt6895tt Mt6896 Mt6897 Mt6899 Mt6980 Mt6980d Mt6983 Mt6983t Mt6985 Mt6985t Mt6989 Mt6989t Mt6990 Mt6991 Mt8666 Mt8667 Mt8673 Mt8675 Mt8676 Mt8678 Mt8765 Mt8766 Mt8768 Mt8771 Mt8781 Mt8786 Mt8788 Mt8788e Mt8789 Mt8791 Mt8791t Mt8795t Mt8797 Mt8798 Nr16 Nr17 Nr17r

Configuration 1 [-]

AND

OR	cpe:2.3:o:mediatek:nr16:-:::::::*
	cpe:2.3:o:mediatek:nr17:-:::::::*
	cpe:2.3:o:mediatek:nr17r:-:::::::*

OR	cpe:2.3:h:mediatek:mt2737:-:::::::*
	cpe:2.3:h:mediatek:mt6813:-:::::::*
	cpe:2.3:h:mediatek:mt6835:-:::::::*
	cpe:2.3:h:mediatek:mt6835t:-:::::::*
	cpe:2.3:h:mediatek:mt6878:-:::::::*
	cpe:2.3:h:mediatek:mt6878m:-:::::::*
	cpe:2.3:h:mediatek:mt6879:-:::::::*
	cpe:2.3:h:mediatek:mt6886:-:::::::*
	cpe:2.3:h:mediatek:mt6895:-:::::::*
	cpe:2.3:h:mediatek:mt6895tt:-:::::::*
	cpe:2.3:h:mediatek:mt6896:-:::::::*
	cpe:2.3:h:mediatek:mt6897:-:::::::*
	cpe:2.3:h:mediatek:mt6899:-:::::::*
	cpe:2.3:h:mediatek:mt6980:-:::::::*
	cpe:2.3:h:mediatek:mt6980d:-:::::::*
	cpe:2.3:h:mediatek:mt6983:-:::::::*
	cpe:2.3:h:mediatek:mt6983t:-:::::::*
	cpe:2.3:h:mediatek:mt6985:-:::::::*
	cpe:2.3:h:mediatek:mt6985t:-:::::::*
	cpe:2.3:h:mediatek:mt6989:-:::::::*
	cpe:2.3:h:mediatek:mt6989t:-:::::::*
	cpe:2.3:h:mediatek:mt6990:-:::::::*
	cpe:2.3:h:mediatek:mt6991:-:::::::*
	cpe:2.3:h:mediatek:mt8666:-:::::::*
	cpe:2.3:h:mediatek:mt8667:-:::::::*
	cpe:2.3:h:mediatek:mt8673:-:::::::*
	cpe:2.3:h:mediatek:mt8675:-:::::::*
	cpe:2.3:h:mediatek:mt8676:-:::::::*
	cpe:2.3:h:mediatek:mt8678:-:::::::*
	cpe:2.3:h:mediatek:mt8765:-:::::::*
	cpe:2.3:h:mediatek:mt8766:-:::::::*
	cpe:2.3:h:mediatek:mt8768:-:::::::*
	cpe:2.3:h:mediatek:mt8771:-:::::::*
	cpe:2.3:h:mediatek:mt8781:-:::::::*
	cpe:2.3:h:mediatek:mt8786:-:::::::*
	cpe:2.3:h:mediatek:mt8788:-:::::::*
	cpe:2.3:h:mediatek:mt8788e:-:::::::*
	cpe:2.3:h:mediatek:mt8789:-:::::::*
	cpe:2.3:h:mediatek:mt8791:-:::::::*
	cpe:2.3:h:mediatek:mt8791t:-:::::::*
	cpe:2.3:h:mediatek:mt8795t:-:::::::*
	cpe:2.3:h:mediatek:mt8797:-:::::::*
	cpe:2.3:h:mediatek:mt8798:-:::::::*

No data.

References

Link	Providers
https://corp.mediatek.com/product-security-bulletin/May-2025

History

Tue, 06 May 2025 14:30:00 +0000

Type	Values Removed	Values Added
First Time appeared		Mediatek Mediatek mt2737 Mediatek mt6813 Mediatek mt6835 Mediatek mt6835t Mediatek mt6878 Mediatek mt6878m Mediatek mt6879 Mediatek mt6886 Mediatek mt6895 Mediatek mt6895tt Mediatek mt6896 Mediatek mt6897 Mediatek mt6899 Mediatek mt6980 Mediatek mt6980d Mediatek mt6983 Mediatek mt6983t Mediatek mt6985 Mediatek mt6985t Mediatek mt6989 Mediatek mt6989t Mediatek mt6990 Mediatek mt6991 Mediatek mt8666 Mediatek mt8667 Mediatek mt8673 Mediatek mt8675 Mediatek mt8676 Mediatek mt8678 Mediatek mt8765 Mediatek mt8766 Mediatek mt8768 Mediatek mt8771 Mediatek mt8781 Mediatek mt8786 Mediatek mt8788 Mediatek mt8788e Mediatek mt8789 Mediatek mt8791 Mediatek mt8791t Mediatek mt8795t Mediatek mt8797 Mediatek mt8798 Mediatek nr16 Mediatek nr17 Mediatek nr17r
CPEs		cpe:2.3:h:mediatek:mt2737:-:::::::* cpe:2.3:h:mediatek:mt6813:-:::::::* cpe:2.3:h:mediatek:mt6835:-:::::::* cpe:2.3:h:mediatek:mt6835t:-:::::::* cpe:2.3:h:mediatek:mt6878:-:::::::* cpe:2.3:h:mediatek:mt6878m:-:::::::* cpe:2.3:h:mediatek:mt6879:-:::::::* cpe:2.3:h:mediatek:mt6886:-:::::::* cpe:2.3:h:mediatek:mt6895:-:::::::* cpe:2.3:h:mediatek:mt6895tt:-:::::::* cpe:2.3:h:mediatek:mt6896:-:::::::* cpe:2.3:h:mediatek:mt6897:-:::::::* cpe:2.3:h:mediatek:mt6899:-:::::::* cpe:2.3:h:mediatek:mt6980:-:::::::* cpe:2.3:h:mediatek:mt6980d:-:::::::* cpe:2.3:h:mediatek:mt6983:-:::::::* cpe:2.3:h:mediatek:mt6983t:-:::::::* cpe:2.3:h:mediatek:mt6985:-:::::::* cpe:2.3:h:mediatek:mt6985t:-:::::::* cpe:2.3:h:mediatek:mt6989:-:::::::* cpe:2.3:h:mediatek:mt6989t:-:::::::* cpe:2.3:h:mediatek:mt6990:-:::::::* cpe:2.3:h:mediatek:mt6991:-:::::::* cpe:2.3:h:mediatek:mt8666:-:::::::* cpe:2.3:h:mediatek:mt8667:-:::::::* cpe:2.3:h:mediatek:mt8673:-:::::::* cpe:2.3:h:mediatek:mt8675:-:::::::* cpe:2.3:h:mediatek:mt8676:-:::::::* cpe:2.3:h:mediatek:mt8678:-:::::::* cpe:2.3:h:mediatek:mt8765:-:::::::* cpe:2.3:h:mediatek:mt8766:-:::::::* cpe:2.3:h:mediatek:mt8768:-:::::::* cpe:2.3:h:mediatek:mt8771:-:::::::* cpe:2.3:h:mediatek:mt8781:-:::::::* cpe:2.3:h:mediatek:mt8786:-:::::::* cpe:2.3:h:mediatek:mt8788:-:::::::* cpe:2.3:h:mediatek:mt8788e:-:::::::* cpe:2.3:h:mediatek:mt8789:-:::::::* cpe:2.3:h:mediatek:mt8791:-:::::::* cpe:2.3:h:mediatek:mt8791t:-:::::::* cpe:2.3:h:mediatek:mt8795t:-:::::::* cpe:2.3:h:mediatek:mt8797:-:::::::* cpe:2.3:h:mediatek:mt8798:-:::::::* cpe:2.3:o:mediatek:nr16:-:::::::* cpe:2.3:o:mediatek:nr17:-:::::::* cpe:2.3:o:mediatek:nr17r:-:::::::*
Vendors & Products		Mediatek Mediatek mt2737 Mediatek mt6813 Mediatek mt6835 Mediatek mt6835t Mediatek mt6878 Mediatek mt6878m Mediatek mt6879 Mediatek mt6886 Mediatek mt6895 Mediatek mt6895tt Mediatek mt6896 Mediatek mt6897 Mediatek mt6899 Mediatek mt6980 Mediatek mt6980d Mediatek mt6983 Mediatek mt6983t Mediatek mt6985 Mediatek mt6985t Mediatek mt6989 Mediatek mt6989t Mediatek mt6990 Mediatek mt6991 Mediatek mt8666 Mediatek mt8667 Mediatek mt8673 Mediatek mt8675 Mediatek mt8676 Mediatek mt8678 Mediatek mt8765 Mediatek mt8766 Mediatek mt8768 Mediatek mt8771 Mediatek mt8781 Mediatek mt8786 Mediatek mt8788 Mediatek mt8788e Mediatek mt8789 Mediatek mt8791 Mediatek mt8791t Mediatek mt8795t Mediatek mt8797 Mediatek mt8798 Mediatek nr16 Mediatek nr17 Mediatek nr17r
Metrics		cvssV3_1 `{'score': 5.7, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N'}`

Mon, 05 May 2025 03:00:00 +0000

Type	Values Removed	Values Added
Description		In Modem, there is a possible permission bypass due to improper certificate validation. This could lead to remote information disclosure, if a UE has connected to a rogue base station controlled by the attacker, with User execution privileges needed. User interaction is needed for exploitation. Patch ID: MOLY01334347; Issue ID: MSV-2772.
Weaknesses		CWE-295
References		https://corp.mediatek.com/product-security-bulletin/May-2025

MITRE

Status: PUBLISHED

Assigner: MediaTek

Published: 2025-05-05T02:49:16.856Z

Updated: 2025-05-05T02:49:16.856Z

Reserved: 2024-11-01T01:21:50.370Z

Link: CVE-2025-20670

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2025-05-05T03:15:22.300

Modified: 2025-05-06T14:09:25.333

Link: CVE-2025-20670

Redhat

No data.

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction Required

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object