CVE-2025-20670 – Huawei Modem Certificate Validation Bypass Remote Information Disclosure Vulnerability

May 4, 2025

CVE ID : CVE-2025-20670

Published : May 5, 2025, 3:15 a.m. | 17 minutes ago

Description : In Modem, there is a possible permission bypass due to improper certificate validation. This could lead to remote information disclosure, if a UE has connected to a rogue base station controlled by the attacker, with User execution privileges needed. User interaction is needed for exploitation. Patch ID: MOLY01334347; Issue ID: MSV-2772.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-20671 – Thermal Out-of-Bounds Write Privilege Escalation Vulnerability

Next Article CVE-2025-20668 – “OpenSSH SCP Out-of-Bounds Write Privilege Escalation Vulnerability”

This week in AI dev tools: Gemini 2.5 Pro and Flash GA, GitHub Copilot Spaces, and more (June 20, 2025)

Gemini 2.5 Pro and Flash are generally available and Gemini 2.5 Flash-Lite preview is announced

CSS Cascade Layers Vs. BEM Vs. Utility Classes: Specificity Control

IBM launches new integration to help unify AI security and governance

One of World of Warcraft’s deadliest entities makes a world-shattering return after nearly 20 years — and he’s city-sized

It feels like Blizzard has abandoned Diablo 2: Resurrected — but there’s one way to keep it alive for years to come

Steam’s performance tracking tool is becoming more like the Steam Deck’s — you can try it out right now

Borderlands 4 is killing off a tired “FOMO” trend — I hope other developers follow suit

Dr. Axel’s JavaScript flashcards

Dr. Axel’s JavaScript flashcards

Syntax-Highlight – Custom Element For Syntax Highlighting Content

WelsonJS – Build a Windows app on the Windows built-in JavaScript engine

One of World of Warcraft’s deadliest entities makes a world-shattering return after nearly 20 years — and he’s city-sized

One of World of Warcraft’s deadliest entities makes a world-shattering return after nearly 20 years — and he’s city-sized

It feels like Blizzard has abandoned Diablo 2: Resurrected — but there’s one way to keep it alive for years to come

Steam’s performance tracking tool is becoming more like the Steam Deck’s — you can try it out right now

CVE-2025-20670 – Huawei Modem Certificate Validation Bypass Remote Information Disclosure Vulnerability

CVE-2025-49763: Apache Traffic Server Vulnerability Enables Memory Exhaustion Attacks

IBM QRadar SIEM Exposed by Trio of Security Flaws, Including Critical Command Execution Bug

Cryptojacking Campaign Exploits DevOps APIs Using Off-the-Shelf Tools from GitHub

MemOS: A Memory-Centric Operating System for Evolving and Adaptive Large Language Models

CVE-2025-48828 – vBulletin PHP Code Execution Vulnerability

CVE-2025-31203 – Apple macOS Sequoia Denial-of-Service Vulnerability

Vulnerabilità di sicurezza in Linux: come i rootkit basati su io_uring aggirano i sistemi di rilevamento

AI-Driven Human Hacking is a New Frontier in Cybersecurity

Chrome for Android May Let You Adjust Tab Strip Density – Here’s Why It Matters

CVE-2025-36573 – Dell Smart Dock Firmware Information Disclosure Vulnerability

CVE-2025-20670 – Huawei Modem Certificate Validation Bypass Remote Information Disclosure Vulnerability

Related Posts