cbcvebase.
CVE-2025-20634
published 2025-02-03

Priority: P263
Severity: critical
CVSS 3.1: 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
EPSS: 0.69% (48.0th percentile)

In Modem, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01289384; Issue ID: MSV-2436.

Affected

1 range

Vendor | Product | Version range | Fixed in
google | android | |

Detection & IOCs (extracted from sources)

  • Vulnerability resides in the Modem component; exploitation requires a UE (User Equipment) to connect to a rogue/malicious base station — monitor for unexpected or unauthorized base station connections (IMSI catcher / rogue BTS activity) as a precursor indicator.
  • No user interaction is required and no additional privileges are needed for exploitation, meaning the attack surface is entirely over-the-air at the modem layer — detection should focus on anomalous modem/baseband behavior rather than OS-level indicators.
  • Track patch status for MediaTek Modem patch ID MOLY01289384 (Issue MSV-2436) on affected devices; unpatched devices remain vulnerable to remote code execution via malicious base station.
  • Android Security Bulletin February 2025 references this CVE under the Modem component with Android reference A-381773169 and MediaTek reference M-MOLY01289384 — use these identifiers to verify patch application on Android devices.
  • Exploitation is conditional on the victim UE actively connecting to an attacker-controlled rogue base station; the vulnerability is not exploitable without this network-layer precondition.
  • The vulnerability is an out-of-bounds write due to a missing bounds check in the Modem component — exploitation occurs at the baseband/modem layer, below the Android OS, limiting visibility from standard OS-level security tooling.