What is CVE-2025-20634?

CVE-2025-20634 is a critical vulnerability in Mediatek Modem products that allows for remote code execution via a missing bounds check. Immediate action is required to mitigate risks associated with potential exploitation.

What is the severity of CVE-2025-20634?

CVE-2025-20634 has a severity rating of CRITICAL with a CVSS base score of 9.8.

CVE-2025-20634 | Critical Vulnerability in Mediatek Modem

CVE-2025-20634 is classified as a critical vulnerability affecting Mediatek Modem products, specifically the nr16, nr17, and nr17r models. This vulnerability allows for a possible out of bounds write due to a missing bounds check. The severity of this flaw is reflected in its CVSS score of 9.8, indicating a significant risk to organizations utilizing these products. The risk is further exacerbated as the vulnerability could lead to remote code execution if a User Equipment (UE) connects to a rogue base station controlled by an attacker. Notably, no additional execution privileges are required, and user interaction is not needed for exploitation.

Organizations that deploy Mediatek Modem products should consider this vulnerability a high priority. Immediate action is warranted to address the potential exploitation and to maintain the integrity of their systems. The urgency of remediation efforts is underscored by the potential for attackers to gain unauthorized access, emphasizing the critical nature of this vulnerability.

As of now, no public exploits have been confirmed for this vulnerability, but the risk of exploitation remains significant, necessitating prompt patching and remediation strategies.

Organizations should prioritize the implementation of necessary patches and updates to mitigate the risks associated with CVE-2025-20634.

Vulnerability Details

The official description of CVE-2025-20634 states that it is a critical vulnerability in Mediatek Modem due to a missing bounds check. This can allow for remote code execution if an attacker controls a rogue base station. The CVSS score of 9.8 indicates the severity of the vulnerability, with high impacts on confidentiality, integrity, and availability.

Affected products include Mediatek nr16, nr17, and nr17r models. The vulnerability was published on February 3, 2025, and falls under the CWE classification of CWE-787.

Technical Analysis

The root cause of CVE-2025-20634 is a missing bounds check within the Modem component, which could lead to an out of bounds write. The attack vector is over the network with low complexity, requiring no privileges or user interaction. The impacts on confidentiality, integrity, and availability are high, highlighting the critical nature of this vulnerability.

Risk & Impact Analysis

The real-world risk associated with CVE-2025-20634 is significant, as attackers may leverage this vulnerability to execute arbitrary code remotely. The blast radius could be extensive if exploited, affecting multiple users connected to rogue base stations, thereby jeopardizing organizational security. Given the CVSS score of 9.8, organizations should address this vulnerability in their priority patch cycle.

Exploitation Status

Signal	Status
Known Exploit	No
Public PoC	No
Actively Exploited	No
Ransomware Use	No

Affected Versions

The affected versions include Mediatek nr16, nr17, and nr17r models. Organizations should ensure they update to the latest patched versions to mitigate the risks associated with this vulnerability.

Mitigation & Remediation

Organizations are advised to apply the patch identified as MOLY01289384 to remediate this vulnerability. If the patch is unavailable, organizations should implement configuration hardening and network controls to limit exposure. Regular security assessments through penetration testing may also help identify and mitigate similar weaknesses in the future.

Detection Guidance

Organizations should monitor logs for indicators of unusual access patterns and behavioral anomalies that may suggest exploitation attempts. Additionally, network signatures should be updated to detect any unauthorized access attempts related to this vulnerability.

AppSecure Threat Intelligence Insight

CVE-2025-20634 highlights the ongoing risks associated with vulnerabilities in modem technologies. The trend of increasing vulnerabilities in network-facing devices necessitates that security teams adopt robust monitoring and remediation practices. Organizations should consider implementing a comprehensive penetration testing methodology to identify and mitigate such vulnerabilities effectively. Furthermore, understanding the implications of such vulnerabilities on the overall security posture is critical.

Organizations should also stay informed about emerging threats through continuous education and leverage resources such as the vulnerability management program to ensure they are prepared for evolving threats.

Ultimately, the responsibility lies with organizations to safeguard their networks against such vulnerabilities, making proactive measures vital.

Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

CVE ID	Title	Severity	Vulnerability Type	Published
CVE-2025-65418	CVE-2025-65418: High Vulnerability in docuFORM Managed Print Service Client	HIGH	Path Traversal	May 11, 2026
CVE-2025-65417	CVE-2025-65417: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	XSS	May 11, 2026
CVE-2025-65416	CVE-2025-65416: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	Unrestricted File Upload	May 11, 2026
CVE-2025-65415	CVE-2025-65415: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	Session Fixation	May 11, 2026
CVE-2025-61314	CVE-2025-61314: High Vulnerability in GmbH Mecury Managed Print Services	HIGH	XSS	May 11, 2026

CVE-2025-20634: Critical Vulnerability in Mediatek Modem