Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Lifecycle Timeline
1DescriptionCVE.org
In Modem IMS, there is a possible improper input validation. This could lead to remote denial of service with no additional execution privileges needed.
AnalysisAI
Remote denial of service in Unisoc Modem IMS stack allows unauthenticated network attackers to crash mobile devices through improper input validation. Affects 16 Unisoc chipset families (SC7731E through T8300) widely deployed in budget smartphones and IoT devices across global markets. No authentication, user interaction, or elevated privileges required for exploitation. EPSS data and KEV status not available; no public exploit identified at time of analysis.
Technical ContextAI
The vulnerability resides in the IP Multimedia Subsystem (IMS) implementation within Unisoc's modem firmware. IMS is the 3GPP architectural framework for delivering voice and multimedia services over IP networks, used for VoLTE, VoWiFi, and RCS messaging. The flaw involves insufficient validation of network-supplied input in the IMS protocol stack, likely affecting SIP message parsing or session handling. Affected products span Unisoc's entire modern chipset portfolio including entry-level SC-series (SC7731E, SC9832E, SC9863A) and mid-range T-series (T310, T610, T618, T7200, T7225, T7250, T7255, T7280, T7300, T8100, T8200, T8300, T9100) baseband processors. These chipsets power millions of devices from manufacturers like Realme, Motorola, Nokia, and numerous ODMs targeting emerging markets. The absence of CWE classification limits understanding of the specific input validation failure class - could be buffer handling, format string, integer overflow, or protocol state machine issues.
RemediationAI
Apply firmware updates from Unisoc or device OEM partners addressing CVE-2025-71252. Unisoc Product Security Bulletin available at https://www.unisoc.com/en/support/product-security-bulletin/2051836844671422466 contains patch distribution schedule and OEM coordination details, though specific fixed firmware versions are not publicly enumerated. End users should check for system updates from device manufacturers (Settings > System > Software Update on Android). Enterprise deployments can implement network-layer compensating controls: configure mobile device management policies to disable VoLTE/VoWiFi if operationally feasible, reducing IMS attack surface at cost of call quality degradation and fallback to legacy circuit-switched voice. Network operators can deploy deep packet inspection on IMS signaling paths to filter malformed SIP messages, though this requires telecom-grade infrastructure and introduces processing latency. Restrict Wi-Fi calling to trusted networks only via EMM policies. For critical deployments where patching lags, consider temporary device replacement with non-Unisoc hardware if denial-of-service risk exceeds operational tolerance. Monitor carrier and OEM security bulletins for downstream patch releases incorporating Unisoc's fixes.
More in Sc7731E Sc9832E Sc9863A T310 T610 T618 T7200 T7225 T7250 T7255 T7280 T7300 T8100 T9100 T8200 T8300
View allRemote denial of service in the IMS (IP Multimedia Subsystem) implementation of Unisoc mobile chipsets allows an unauthe
Remote attackers can crash Unisoc chipset IMS (IP Multimedia Subsystem) implementations through network-accessible malfo
Remote denial of service in Unisoc modem IMS implementation across 16 chipset families (SC7731E through T8300) allows un
Remote denial of service in Unisoc modem IMS (IP Multimedia Subsystem) implementation allows unauthenticated network att
Remote denial of service in Unisoc modem IMS stack allows network attackers to crash affected devices through malformed
Same technique Denial Of Service
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2025-209649
GHSA-67w8-jv42-4j2q