CVE-2025-20678NVD

Vulnerability Summary

In ims service, there is a possible system crash due to incorrect error handling. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01394606; Issue ID: MSV-2739.

Severity Level

HIGH(7.5)

Published Date

Jun 2, 2025

Last Modified

Jul 10, 2025

Exploitation Status

????

EPSS Score (30-Day)

Data Pending

Root Weakness (CWE)

CWE-674: Unknown/Unlisted Weakness ↗

Refer to the official MITRE database for detailed architectural specifications regarding this weakness.

CVSS v3.1 Base Metrics

Attack VectorNetwork

Attack ComplexityLow

Privileges RequiredNone

User InteractionNone

ScopeUnchanged

ConfidentialityNone

IntegrityNone

AvailabilityHigh

External References

https://corp.mediatek.com/product-security-bulletin/June-2025

Critical Alert 1 Active Exploit Detected Today

CVE Watchtower

CVE-2025-20678NVD

Vulnerability Summary

External References