CVE Vulnerabilities

CVE-2025-20670

Improper Certificate Validation

Published: May 05, 2025 | Modified: May 06, 2025
CVSS 3.x
5.7
MEDIUM
Source:
NVD
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N
CVSS 2.x
RedHat/V2
RedHat/V3
Ubuntu

In Modem, there is a possible permission bypass due to improper certificate validation. This could lead to remote information disclosure, if a UE has connected to a rogue base station controlled by the attacker, with User execution privileges needed. User interaction is needed for exploitation. Patch ID: MOLY01334347; Issue ID: MSV-2772.

Weakness

The product does not validate, or incorrectly validates, a certificate.

Affected Software

Name Vendor Start Version End Version
Nr16 Mediatek - (including) - (including)
Nr17 Mediatek - (including) - (including)
Nr17r Mediatek - (including) - (including)

Potential Mitigations

References