CVE-2025-20634
published 2025-02-03CVE-2025-20634: In Modem, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution, if a UE has connected to a rogue…
PriorityP263critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
EPSS
0.69%
48.0th percentile
In Modem, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01289384; Issue ID: MSV-2436.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| android | — | — |
Detection & IOCsextracted from sources · hover to see the quote
- →Vulnerability resides in the Modem component; exploitation requires a UE (User Equipment) to connect to a rogue/malicious base station — monitor for unexpected or unauthorized base station connections (IMSI catcher / rogue BTS activity) as a precursor indicator. ↗
- →No user interaction is required and no additional privileges are needed for exploitation, meaning the attack surface is entirely over-the-air at the modem layer — detection should focus on anomalous modem/baseband behavior rather than OS-level indicators. ↗
- →Track patch status for MediaTek Modem patch ID MOLY01289384 (Issue MSV-2436) on affected devices; unpatched devices remain vulnerable to remote code execution via malicious base station. ↗
- →Android Security Bulletin February 2025 references this CVE under the Modem component with Android reference A-381773169 and MediaTek reference M-MOLY01289384 — use these identifiers to verify patch application on Android devices. ↗
- ·Exploitation is conditional on the victim UE actively connecting to an attacker-controlled rogue base station; the vulnerability is not exploitable without this network-layer precondition. ↗
- ·The vulnerability is an out-of-bounds write due to a missing bounds check in the Modem component — exploitation occurs at the baseband/modem layer, below the Android OS, limiting visibility from standard OS-level security tooling. ↗
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-q7vj-9wm2-wvxr: In Modem, there is a possible out of bounds write due to a missing bounds check
ghsa_unreviewed·2025-02-03
CVE-2025-20634 [CRITICAL] CWE-787 GHSA-q7vj-9wm2-wvxr: In Modem, there is a possible out of bounds write due to a missing bounds check
In Modem, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01289384; Issue ID: MSV-2436.
Android
CVE-2025-20634: Modem
vendor_android·2025-02-01·CVSS 9.8
CVE-2025-20634 [CRITICAL] CVE-2025-20634: Modem
Android Security Bulletin 2025-02-01
CVE: CVE-2025-20634
Severity: HIGH
Component: Modem
References: A-381773169
M-MOLY01289384
*
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2025-02-03
Published