Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Lifecycle Timeline
1DescriptionCVE.org
In Modem IMS, there is a possible improper input validation. This could lead to remote denial of service with no additional execution privileges needed.
AnalysisAI
Remote denial of service in Unisoc modem IMS stack allows network attackers to crash affected devices through malformed input without authentication. Affects 16 Unisoc chipset families (SC7731E, SC9832E, SC9863A, T-series T310 through T8300) used in mobile devices. No authentication, user interaction, or special configuration required (CVSS AV:N/AC:L/PR:N/UI:N). No public exploit code or CISA KEV listing identified at time of analysis, though EPSS data unavailable for risk quantification.
Technical ContextAI
The vulnerability exists in the IP Multimedia Subsystem (IMS) implementation within Unisoc modem firmware. IMS is a core framework for delivering voice and multimedia services over LTE/5G networks, handling SIP-based call setup, VoLTE, VoWiFi, and rich communication services. The improper input validation flaw allows specially crafted network packets to trigger a crash condition in the modem's IMS stack. This affects baseband processors across Unisoc's product line spanning entry-level (SC7xxx series) through mid-range and flagship (T-series) chipsets. The modem firmware operates at a privileged level below the Android application processor, meaning successful exploitation crashes the cellular radio subsystem rather than the device OS itself. Without assigned CWE classification, the root cause class remains unspecified but likely involves buffer handling, protocol state machine errors, or message parsing flaws common in telecommunications stacks.
RemediationAI
Apply modem firmware updates released by Unisoc addressing CVE-2025-71253 as documented in the vendor security bulletin at https://www.unisoc.com/en/support/product-security-bulletin/2051836844671422466. End users must obtain patches through device manufacturer firmware updates (OTA or manual installation) since modem firmware is bundled with device system images rather than independently updatable. Contact device OEM support channels to confirm update availability for specific models. Where patching is delayed or unavailable, implement network-level compensating controls: deploy IMS Application Layer Gateways (ALG) or Session Border Controllers (SBC) with strict SIP message validation to filter malformed IMS traffic before reaching vulnerable endpoints, though this requires carrier or enterprise infrastructure control. Disable VoLTE/VoWiFi features to reduce IMS stack exposure, with trade-offs including loss of HD voice quality and potential fallback to circuit-switched voice consuming more battery. For high-security deployments, restrict device usage to geographic regions where trusted carrier partnerships enable coordinated threat monitoring until patches deploy.
More in Sc7731E Sc9832E Sc9863A T310 T610 T618 T7200 T7225 T7250 T7255 T7280 T7300 T8100 T9100 T8200 T8300
View allRemote denial of service in the IMS (IP Multimedia Subsystem) implementation of Unisoc mobile chipsets allows an unauthe
Remote attackers can crash Unisoc chipset IMS (IP Multimedia Subsystem) implementations through network-accessible malfo
Remote denial of service in Unisoc modem IMS implementation across 16 chipset families (SC7731E through T8300) allows un
Remote denial of service in Unisoc modem IMS (IP Multimedia Subsystem) implementation allows unauthenticated network att
Remote denial of service in Unisoc Modem IMS stack allows unauthenticated network attackers to crash mobile devices thro
Same technique Denial Of Service
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2025-209651
GHSA-g5mc-j2xf-869g