๐Ÿ” CVE Alert

CVE-2025-20727

HIGH 8.1
CVSS Score
8.1
EPSS Score
0.0%
EPSS Percentile
0th

In Modem, there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote escalation of privilege, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01672601; Issue ID: MSV-4623.

CWE CWE-787
Vendor mediatek, inc.
Product mt2735, mt2737, mt6739, mt6761, mt6762, mt6762d, mt6762m, mt6763, mt6765, mt6765t, mt6767, mt6768, mt6769, mt6769k, mt6769s, mt6769t, mt6769z, mt6771, mt6813, mt6833, mt6833p, mt6835, mt6835t, mt6853, mt6853t, mt6855, mt6855t, mt6873, mt6875, mt6875t, mt6877, mt6877t, mt6877tt, mt6878, mt6878m, mt6879, mt6880, mt6883, mt6885, mt6886, mt6889, mt6890, mt6891, mt6893, mt6895, mt6895tt, mt6896, mt6897, mt6899, mt6980, mt6980d, mt6983, mt6983t, mt6985, mt6985t, mt6989, mt6989t, mt6990, mt6991, mt8666, mt8667, mt8673, mt8675, mt8676, mt8678, mt8765, mt8766, mt8766r, mt8768, mt8771, mt8786, mt8788, mt8788e, mt8791, mt8791t, mt8792, mt8793, mt8795t, mt8797, mt8798, mt8863, mt8873, mt8883, mt8893
Published Nov 4, 2025
Last Updated Feb 26, 2026
Stay Ahead of the Next One

Get instant alerts for mediatek, inc. mt2735, mt2737, mt6739, mt6761, mt6762, mt6762d, mt6762m, mt6763, mt6765, mt6765t, mt6767, mt6768, mt6769, mt6769k, mt6769s, mt6769t, mt6769z, mt6771, mt6813, mt6833, mt6833p, mt6835, mt6835t, mt6853, mt6853t, mt6855, mt6855t, mt6873, mt6875, mt6875t, mt6877, mt6877t, mt6877tt, mt6878, mt6878m, mt6879, mt6880, mt6883, mt6885, mt6886, mt6889, mt6890, mt6891, mt6893, mt6895, mt6895tt, mt6896, mt6897, mt6899, mt6980, mt6980d, mt6983, mt6983t, mt6985, mt6985t, mt6989, mt6989t, mt6990, mt6991, mt8666, mt8667, mt8673, mt8675, mt8676, mt8678, mt8765, mt8766, mt8766r, mt8768, mt8771, mt8786, mt8788, mt8788e, mt8791, mt8791t, mt8792, mt8793, mt8795t, mt8797, mt8798, mt8863, mt8873, mt8883, mt8893

Be the first to know when new high vulnerabilities affecting mediatek, inc. mt2735, mt2737, mt6739, mt6761, mt6762, mt6762d, mt6762m, mt6763, mt6765, mt6765t, mt6767, mt6768, mt6769, mt6769k, mt6769s, mt6769t, mt6769z, mt6771, mt6813, mt6833, mt6833p, mt6835, mt6835t, mt6853, mt6853t, mt6855, mt6855t, mt6873, mt6875, mt6875t, mt6877, mt6877t, mt6877tt, mt6878, mt6878m, mt6879, mt6880, mt6883, mt6885, mt6886, mt6889, mt6890, mt6891, mt6893, mt6895, mt6895tt, mt6896, mt6897, mt6899, mt6980, mt6980d, mt6983, mt6983t, mt6985, mt6985t, mt6989, mt6989t, mt6990, mt6991, mt8666, mt8667, mt8673, mt8675, mt8676, mt8678, mt8765, mt8766, mt8766r, mt8768, mt8771, mt8786, mt8788, mt8788e, mt8791, mt8791t, mt8792, mt8793, mt8795t, mt8797, mt8798, mt8863, mt8873, mt8883, mt8893 are published โ€” delivered to Slack, Telegram or Discord.

Get Free Alerts โ†’ Free ยท No credit card ยท 60 sec setup

Affected Versions

MediaTek, Inc. / MT2735, MT2737, MT6739, MT6761, MT6762, MT6762D, MT6762M, MT6763, MT6765, MT6765T, MT6767, MT6768, MT6769, MT6769K, MT6769S, MT6769T, MT6769Z, MT6771, MT6813, MT6833, MT6833P, MT6835, MT6835T, MT6853, MT6853T, MT6855, MT6855T, MT6873, MT6875, MT6875T, MT6877, MT6877T, MT6877TT, MT6878, MT6878M, MT6879, MT6880, MT6883, MT6885, MT6886, MT6889, MT6890, MT6891, MT6893, MT6895, MT6895TT, MT6896, MT6897, MT6899, MT6980, MT6980D, MT6983, MT6983T, MT6985, MT6985T, MT6989, MT6989T, MT6990, MT6991, MT8666, MT8667, MT8673, MT8675, MT8676, MT8678, MT8765, MT8766, MT8766R, MT8768, MT8771, MT8786, MT8788, MT8788E, MT8791, MT8791T, MT8792, MT8793, MT8795T, MT8797, MT8798, MT8863, MT8873, MT8883, MT8893
Modem LR12A, NR15, NR16, NR17, NR17R

References

NVD โ†— CVE.org โ†— EPSS Data โ†—
corp.mediatek.com: https://corp.mediatek.com/product-security-bulletin/November-2025