#VU108521 Improper Certificate Validation in MediaTek products - CVE-2025-20670

Vulnerability identifier: #VU108521

Vulnerability risk: Medium

CVSSv4.0: 4.3 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2025-20670

CWE-ID: CWE-295

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
MT2737
Mobile applications / Mobile firmware & hardware
MT6813
Mobile applications / Mobile firmware & hardware
MT6835
Mobile applications / Mobile firmware & hardware
MT6835T
Mobile applications / Mobile firmware & hardware
MT6878
Mobile applications / Mobile firmware & hardware
MT6878M
Mobile applications / Mobile firmware & hardware
MT6879
Mobile applications / Mobile firmware & hardware
MT6886
Mobile applications / Mobile firmware & hardware
MT6895
Mobile applications / Mobile firmware & hardware
MT6895TT
Mobile applications / Mobile firmware & hardware
MT6896
Mobile applications / Mobile firmware & hardware
MT6897
Mobile applications / Mobile firmware & hardware
MT6899
Mobile applications / Mobile firmware & hardware
MT6980
Mobile applications / Mobile firmware & hardware
MT6980D
Mobile applications / Mobile firmware & hardware
MT6983
Mobile applications / Mobile firmware & hardware
MT6983T
Mobile applications / Mobile firmware & hardware
MT6985
Mobile applications / Mobile firmware & hardware
MT6985T
Mobile applications / Mobile firmware & hardware
MT6989
Mobile applications / Mobile firmware & hardware
MT6989T
Mobile applications / Mobile firmware & hardware
MT6990
Mobile applications / Mobile firmware & hardware
MT6991
Mobile applications / Mobile firmware & hardware
MT8666
Mobile applications / Mobile firmware & hardware
MT8667
Mobile applications / Mobile firmware & hardware
MT8673
Mobile applications / Mobile firmware & hardware
MT8675
Mobile applications / Mobile firmware & hardware
MT8676
Mobile applications / Mobile firmware & hardware
MT8678
Mobile applications / Mobile firmware & hardware
MT8765
Mobile applications / Mobile firmware & hardware
MT8766
Mobile applications / Mobile firmware & hardware
MT8768
Mobile applications / Mobile firmware & hardware
MT8771
Mobile applications / Mobile firmware & hardware
MT8781
Mobile applications / Mobile firmware & hardware
MT8786
Mobile applications / Mobile firmware & hardware
MT8788
Mobile applications / Mobile firmware & hardware
MT8788E
Mobile applications / Mobile firmware & hardware
MT8789
Mobile applications / Mobile firmware & hardware
MT8791
Mobile applications / Mobile firmware & hardware
MT8791T
Mobile applications / Mobile firmware & hardware
MT8795T
Mobile applications / Mobile firmware & hardware
MT8798
Mobile applications / Mobile firmware & hardware
MT8797
Hardware solutions / Firmware

Vendor: MediaTek

Description

The vulnerability allows a remote attacker to compromise the target system.

The vulnerability exists due to improper certificate validation in Modem. A remote user can gain access to sensitive informatin on the system.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

MT2737: All versions

MT6813: All versions

MT6835: All versions

MT6835T: All versions

MT6878: All versions

MT6878M: All versions

MT6879: All versions

MT6886: All versions

MT6895: All versions

MT6895TT: All versions

MT6896: All versions

MT6897: All versions

MT6899: All versions

MT6980: All versions

MT6980D: All versions

MT6983: All versions

MT6983T: All versions

MT6985: All versions

MT6985T: All versions

MT6989: All versions

MT6989T: All versions

MT6990: All versions

MT6991: All versions

MT8666: All versions

MT8667: All versions

MT8673: All versions

MT8675: All versions

MT8676: All versions

MT8678: All versions

MT8765: All versions

MT8766: All versions

MT8768: All versions

MT8771: All versions

MT8781: All versions

MT8786: All versions

MT8788: All versions

MT8788E: All versions

MT8789: All versions

MT8791: All versions

MT8791T: All versions

MT8795T: All versions

MT8797: All versions

MT8798: All versions

---

External links
https://corp.mediatek.com/product-security-bulletin/May-2025

---

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.