9.8

CVE-2025-20634

In Modem, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01289384; Issue ID: MSV-2436.

Daten sind bereitgestellt durch National Vulnerability Database (NVD)
MediatekNr16 Version-
   MediatekMt2737 Version-
   MediatekMt6813 Version-
   MediatekMt6835 Version-
   MediatekMt6835t Version-
   MediatekMt6878 Version-
   MediatekMt6878m Version-
   MediatekMt6879 Version-
   MediatekMt6886 Version-
   MediatekMt6895 Version-
   MediatekMt6895tt Version-
   MediatekMt6896 Version-
   MediatekMt6897 Version-
   MediatekMt6899 Version-
   MediatekMt6980 Version-
   MediatekMt6980d Version-
   MediatekMt6983 Version-
   MediatekMt6983t Version-
   MediatekMt6985 Version-
   MediatekMt6985t Version-
   MediatekMt6989 Version-
   MediatekMt6989t Version-
   MediatekMt6990 Version-
   MediatekMt6991 Version-
   MediatekMt8673 Version-
   MediatekMt8676 Version-
   MediatekMt8678 Version-
   MediatekMt8795t Version-
   MediatekMt8798 Version-
   MediatekMt8863 Version-
MediatekNr17 Version-
   MediatekMt2737 Version-
   MediatekMt6813 Version-
   MediatekMt6835 Version-
   MediatekMt6835t Version-
   MediatekMt6878 Version-
   MediatekMt6878m Version-
   MediatekMt6879 Version-
   MediatekMt6886 Version-
   MediatekMt6895 Version-
   MediatekMt6895tt Version-
   MediatekMt6896 Version-
   MediatekMt6897 Version-
   MediatekMt6899 Version-
   MediatekMt6980 Version-
   MediatekMt6980d Version-
   MediatekMt6983 Version-
   MediatekMt6983t Version-
   MediatekMt6985 Version-
   MediatekMt6985t Version-
   MediatekMt6989 Version-
   MediatekMt6989t Version-
   MediatekMt6990 Version-
   MediatekMt6991 Version-
   MediatekMt8673 Version-
   MediatekMt8676 Version-
   MediatekMt8678 Version-
   MediatekMt8795t Version-
   MediatekMt8798 Version-
   MediatekMt8863 Version-
MediatekNr17r Version-
   MediatekMt2737 Version-
   MediatekMt6813 Version-
   MediatekMt6835 Version-
   MediatekMt6835t Version-
   MediatekMt6878 Version-
   MediatekMt6878m Version-
   MediatekMt6879 Version-
   MediatekMt6886 Version-
   MediatekMt6895 Version-
   MediatekMt6895tt Version-
   MediatekMt6896 Version-
   MediatekMt6897 Version-
   MediatekMt6899 Version-
   MediatekMt6980 Version-
   MediatekMt6980d Version-
   MediatekMt6983 Version-
   MediatekMt6983t Version-
   MediatekMt6985 Version-
   MediatekMt6985t Version-
   MediatekMt6989 Version-
   MediatekMt6989t Version-
   MediatekMt6990 Version-
   MediatekMt6991 Version-
   MediatekMt8673 Version-
   MediatekMt8676 Version-
   MediatekMt8678 Version-
   MediatekMt8795t Version-
   MediatekMt8798 Version-
   MediatekMt8863 Version-
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.7% 0.71
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 9.8 3.9 5.9
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
134c704f-9b21-4f2e-91b3-4a467353bcc0 9.8 3.9 5.9
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CWE-787 Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.