8.8

CVE-2025-20704

In Modem, there is a possible out of bounds write due to a missing bounds check. This could lead to remote escalation of privilege, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: MOLY01516959; Issue ID: MSV-3502.

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD
This information is available to logged-in users.
Data is provided by the National Vulnerability Database (NVD)
MediatekNr17 Version-
   MediatekMt6813 Version-
   MediatekMt6835 Version-
   MediatekMt6835t Version-
   MediatekMt6878 Version-
   MediatekMt6878m Version-
   MediatekMt6897 Version-
   MediatekMt6899 Version-
   MediatekMt6991 Version-
   MediatekMt8676 Version-
   MediatekMt8678 Version-
   MediatekMt8792 Version-
   MediatekMt8863 Version-
   MediatekMt8873 Version-
   MediatekMt8883 Version-
MediatekNr17r Version-
   MediatekMt6813 Version-
   MediatekMt6835 Version-
   MediatekMt6835t Version-
   MediatekMt6878 Version-
   MediatekMt6878m Version-
   MediatekMt6897 Version-
   MediatekMt6899 Version-
   MediatekMt6991 Version-
   MediatekMt8676 Version-
   MediatekMt8678 Version-
   MediatekMt8792 Version-
   MediatekMt8863 Version-
   MediatekMt8873 Version-
   MediatekMt8883 Version-
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 0.22% 0.443
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
134c704f-9b21-4f2e-91b3-4a467353bcc0 8.8 2.8 5.9
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CWE-787 Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.