MediaTek has published its September 2025 Product Security Bulletin, disclosing several high- and medium-severity vulnerabilities affecting a wide range of its chipsets. While there is “no evidence that these vulnerabilities have been exploited in the wild”, the bulletin warns that attackers could exploit flaws in MediaTek’s modem components to achieve remote escalation of privilege or denial-of-service.
Three high-severity flaws stand out in the bulletin, all tied to the modem component:
- CVE-2025-20708 – Out-of-bounds Write in Modem (High Severity)
According to MediaTek, “In Modem, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote escalation of privilege, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation.”
- CVE-2025-20703 – Out-of-bounds Read in Modem (High Severity)
This flaw, also triggered by connecting to a rogue base station, “could lead to remote denial of service, with no additional execution privileges needed. User interaction is not needed for exploitation.”
- CVE-2025-20704 – Out-of-bounds Write in Modem (High Severity)
Similar to CVE-2025-20708, this bug arises from a missing bounds check. However, MediaTek notes that “user interaction is needed for exploitation.” Successful exploitation could still result in remote privilege escalation.
These modem flaws are especially concerning because they can be triggered by rogue cellular base stations—an increasingly common attack vector in targeted surveillance campaigns.
The bulletin also describes three medium-severity issues, all tied to use-after-free conditions:
- CVE-2025-20705 – Use After Free in monitor_hang
“This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege.”
- CVE-2025-20706 – Use After Free in mbrain
Similarly, “this could lead to local escalation of privilege if a malicious actor has already obtained the System privilege.”
- CVE-2025-20707 – Use After Free in geniezone
The advisory notes this issue could also result in local privilege escalation, again requiring system-level access before exploitation.
The vulnerabilities impact a wide range of MediaTek chipsets, from MT27xx and MT67xx mobile platforms to newer MT68xx, MT69xx, and MT87xx models used in smartphones, tablets, and IoT devices. Affected software versions include Modem NR15–NR17R and Android builds from 13.0 through 16.0, as well as openWRT and Yocto distributions.
MediaTek confirms that OEMs have been notified in advance: “Device OEMs have been notified of all the issues and the corresponding security patches for at least two months before publication.”
Security updates have already been distributed to vendors, and end users are advised to apply the latest firmware or OS updates provided by their device manufacturers.