MediaTek Patches Critical Modem Vulnerabilities  

Security Advisory: MediaTek has disclosed, together with remediation, a set of high- and medium-severity vulnerabilities in its modem and system components. Up to 60 chipsets used in smartphones, routers and IoT devices are affected, so the flaws reach a very large number of deployed devices.

OEM: MediaTek
Severity: High
CVSS Score: 8.3 (NOA)
CVEs: CVE-2025-20708, CVE-2025-20703, CVE-2025-20704, CVE-2025-20705, CVE-2025-20706, CVE-2025-20707
POC Available: No
Actively Exploited: No
Exploited in Wild: No
Advisory Version: 1.0

Overview 

MediaTek issued a security update in September 2025. The key issues are modem flaws reachable from a rogue base station, leading to remote denial of service or remote escalation of privilege, together with local privilege escalation bugs in system components.

Other vulnerabilities covered by the same bulletin include WLAN buffer overflows, bootloader logic flaws and keymaster information leaks affecting Android devices and OpenWRT/Yocto platforms. No active exploitation has been observed. MediaTek began distributing patches to OEMs in July 2025 and urges prompt firmware updates to mitigate the issues.

Vulnerability Name              CVE ID          Product Affected                                                   Severity
Out-of-bounds write in Modem    CVE-2025-20708  60 chipsets; Modem NR15, NR16, NR17, NR17R software versions       High
Out-of-bounds read in Modem     CVE-2025-20703  57 chipsets; Modem NR15, NR16, NR17, NR17R software versions       High
Out-of-bounds write in Modem    CVE-2025-20704  14 chipsets; Modem NR17, NR17R software versions                   High
Use after free in monitor_hang  CVE-2025-20705  39 chipsets; Android 13 – 16, OpenWRT 19.07, 21.02 / Yocto 2.6     Medium
Use after free in mbrain        CVE-2025-20706  5 chipsets; Android 14 – 15                                        Medium
Use after free in geniezone     CVE-2025-20707  60 chipsets; Android 13 – 15                                       Medium

Technical Summary 

These vulnerabilities primarily include out-of-bounds read and write errors (CWE-125, CWE-787) and use-after-free issues (CWE-416), resulting from improper bounds checking and memory management flaws. 

The three modem flaws are reachable over the air by an attacker operating a rogue base station: CVE-2025-20708 and CVE-2025-20703 require no user interaction, while CVE-2025-20704 does. Their consequences are remote denial of service (modem crash, freeze or loss of cellular service) and remote escalation of privilege on the modem; an out-of-bounds write in modem firmware can in principle be turned into execution of attacker-controlled code. The three use-after-free issues are local and only matter once an attacker already holds System privileges on the device. Affected devices run modem firmware NR15 through NR17R across a wide range of chipsets, which is what makes the attack surface so broad.
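The bounds-checking failure behind CWE-787 and CWE-125 is easiest to see in a length-prefixed information element of the kind a modem parses from a base station. The following is an added, purely illustrative example and not MediaTek's firmware or any code from the advisory: the IE format (one type octet, one length octet, then the value), the 32-byte slot, the 64-byte arena and the type value 0x21 are all assumptions chosen for the demonstration. The unchecked parser trusts the length octet from the air; the hardened parser compares it against both the bytes remaining in the message (the over-read case) and the capacity of the destination (the overflow case).

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Assumed sizes for the illustration (not taken from MediaTek's firmware). */
#define SLOT_SIZE   32          /* capacity of the IE value slot */
#define ARENA_SIZE  64          /* slot plus the memory that follows it */
#define NEIGHBOUR   SLOT_SIZE   /* offset of the field living right after the slot */

/* Vulnerable pattern (CWE-787 / CWE-125): the length octet comes from the
 * over-the-air message and drives the copy without being compared to the
 * slot capacity or to the bytes that actually remain in the message. */
static int parse_ie_unchecked(const uint8_t *msg, size_t msg_len, uint8_t *slot)
{
    if (msg_len < 2)
        return -1;                      /* need at least type + length */
    uint8_t len = msg[1];
    memcpy(slot, msg + 2, len);         /* len > SLOT_SIZE writes past the slot */
    return len;
}

/* Hardened version: both checks the vulnerable parser is missing. */
static int parse_ie_checked(const uint8_t *msg, size_t msg_len,
                            uint8_t *slot, size_t slot_cap)
{
    if (msg_len < 2)
        return -1;
    uint8_t len = msg[1];
    if (len > msg_len - 2)
        return -2;                      /* would read past the message (CWE-125) */
    if (len > slot_cap)
        return -3;                      /* would write past the slot (CWE-787) */
    memcpy(slot, msg + 2, len);
    return len;
}

/* Constructed sample: one IE (hypothetical type 0x21) whose length octet
 * claims 40 value bytes, 8 more than the slot can hold. */
static size_t build_oversized_ie(uint8_t *out, size_t out_cap)
{
    const uint8_t claimed = SLOT_SIZE + 8;
    if (out_cap < 2u + claimed)
        return 0;
    out[0] = 0x21;
    out[1] = claimed;
    memset(out + 2, 0x41, claimed);
    return 2u + claimed;
}

/* Runs the oversized IE through the unchecked parser and reports whether the
 * field after the slot was clobbered (1) or not (0). The arena is one flat
 * array, so the overrun stays inside an object we own. */
int unchecked_parser_clobbers_neighbour(void)
{
    uint8_t arena[ARENA_SIZE];
    uint8_t msg[64];
    memset(arena, 0, sizeof arena);
    size_t n = build_oversized_ie(msg, sizeof msg);
    parse_ie_unchecked(msg, n, arena);
    return arena[NEIGHBOUR] == 0x41;
}

/* Same message through the hardened parser: returns the parser's verdict,
 * or 0 if the memory after the slot was touched. */
int checked_parser_verdict(void)
{
    uint8_t arena[ARENA_SIZE];
    uint8_t msg[64];
    memset(arena, 0, sizeof arena);
    size_t n = build_oversized_ie(msg, sizeof msg);
    int rc = parse_ie_checked(msg, n, arena, SLOT_SIZE);
    return (arena[NEIGHBOUR] == 0) ? rc : 0;
}

/* Truncated message: the length octet claims 10 bytes but only 4 follow.
 * The hardened parser must refuse rather than read past the message. */
int checked_parser_truncated_verdict(void)
{
    const uint8_t msg[] = { 0x21, 0x0a, 0xde, 0xad, 0xbe, 0xef };
    uint8_t slot[SLOT_SIZE];
    return parse_ie_checked(msg, sizeof msg, slot, sizeof slot);
}

int main(void)
{
    printf("unchecked parser clobbered neighbour: %d\n",
           unchecked_parser_clobbers_neighbour());
    printf("checked parser verdict on oversized IE: %d\n",
           checked_parser_verdict());
    printf("checked parser verdict on truncated IE: %d\n",
           checked_parser_truncated_verdict());
    return 0;
}
```

The point of the arena is that the overflow is observable without undefined behaviour: the slot and its neighbour are two regions of one array, so the unchecked copy of 40 bytes lands in memory the program owns, and the clobbered neighbour stands in for whatever the modem keeps next to the buffer. Real modem parsers handle many nested IEs; the two comparisons in parse_ie_checked are the ones that need to hold for every length field the network supplies.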

CVE-2025-20708
  Vulnerability details: An out-of-bounds write flaw exists in the Modem due to incorrect bounds checking. This vulnerability allows remote escalation of privilege when a UE connects to a rogue base station, without requiring additional execution privileges or user interaction.
  Impact: Unauthorized access, data interception, disruption of cellular services

CVE-2025-20703
  Vulnerability details: The Modem is affected by an out-of-bounds read issue caused by improper bounds validation. This can result in remote denial of service if connected to a malicious base station, and exploitation requires no user interaction or extra privileges.
  Impact: Denial of Service (DoS), modem or device crash, freeze, unresponsiveness

CVE-2025-20704
  Vulnerability details: Due to a missing bounds check, the Modem is vulnerable to an out-of-bounds write. Exploiting this flaw can lead to remote escalation of privilege when connected to a rogue base station, though user interaction is necessary.
  Impact: Remote privilege escalation, unauthorized elevated access

CVE-2025-20705
  Vulnerability details: A use-after-free condition in the monitor_hang module can cause memory corruption, potentially leading to local escalation of privilege if the attacker already has System-level access. Exploitation does not require user interaction.
  Impact: Local privilege escalation, memory corruption

CVE-2025-20706
  Vulnerability details: The mbrain component suffers from a use-after-free vulnerability that can result in memory corruption. This may allow local privilege escalation for an attacker with System privileges, without needing user interaction.
  Impact: Local privilege escalation, memory corruption

CVE-2025-20707
  Vulnerability details: In the geniezone module, a use-after-free vulnerability can cause memory corruption and permit local privilege escalation if the attacker has System privileges, with no user interaction needed.
  Impact: Local privilege escalation, memory corruption

Recommendations

Recommended actions:

  • Apply the OEM firmware update as soon as it is available. The fixes for the modem flaws ship as modem firmware through the device vendor, so confirm the update actually reached the device rather than assuming a routine OS update covered it.
  • Be cautious about connecting to unknown networks. The modem flaws are triggered by a rogue base station, which a user cannot reliably tell apart from a legitimate one, so this reduces exposure only marginally; the firmware update remains the real mitigation.
  • Keep the device's operating system and apps updated to the latest version, which also closes the local privilege escalation issues in monitor_hang, mbrain and geniezone.

Conclusion: 
MediaTek’s recent security update addresses critical vulnerabilities, especially in modem firmware, that could allow remote attacks without user interaction. Although no active exploits have been found, the severity and scope of these flaws make it vital for manufacturers and users to promptly apply patches to protect devices and data. 

MediaTek notes that OEMs are notified and given remediation ahead of public disclosure, underscoring its commitment to chipset and product security.
