Skip to main content

Unisoc IMS Modem CVE-2025-71254

| EUVDEUVD-2025-209653 HIGH
2026-05-06 Unisoc GHSA-x7wj-r2hg-35fm
7.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
7.5 HIGH
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

1
Analysis Generated
May 06, 2026 - 02:16 vuln.today

DescriptionCVE.org

In Modem IMS, there is a possible improper input validation. This could lead to remote denial of service with no additional execution privileges needed.

AnalysisAI

Remote denial of service in Unisoc modem IMS (IP Multimedia Subsystem) implementation allows unauthenticated network attackers to crash telephony services on affected chipsets through malformed input. Affects 16 Unisoc chipset models spanning SC and T series (SC7731E through T8300) used in budget and mid-range mobile devices. No public exploit identified at time of analysis. CVSS 7.5 (High) reflects network accessibility and service disruption potential, though EPSS data unavailable for risk prioritization.

Technical ContextAI

The vulnerability resides in the IMS (IP Multimedia Subsystem) component of Unisoc modem firmware, which handles VoLTE, VoWiFi, and other IP-based telephony services over LTE and 5G networks. IMS uses SIP (Session Initiation Protocol) for call control and media negotiation. The improper input validation flaw likely exists in SIP message parsing or handling logic within the modem's baseband processor. Affected products span Unisoc's entire chipset portfolio per CPE data: legacy SC series (SC7731E, SC9832E, SC9863A) and current T series (T310, T610, T618, T7200, T7225, T7250, T7255, T7280, T7300, T8100, T9100, T8200, T8300). These chipsets are commonly used by manufacturers like Transsion (Tecno, Infinix, itel), Motorola, and various regional Android device vendors. CWE classification not provided by vendor, though this matches CWE-20 (Improper Input Validation) patterns in telecommunications protocol parsers.

RemediationAI

Apply modem firmware updates from device manufacturers incorporating Unisoc's security patch per the January 2025 product security bulletin (https://www.unisoc.com/en/support/product-security-bulletin/2051836844671422466). Patch version not independently confirmed from available data - contact device OEM for specific firmware build numbers addressing CVE-2025-71254. For enterprise deployments: inventory devices containing affected Unisoc chipsets via procurement records or IMEI-based chipset identification, prioritize patching for devices used in critical roles (emergency services, field operations), and expedite OEM patch deployment timelines through vendor management channels. Compensating controls if patches unavailable: disable VoLTE/VoWiFi features in modem settings (forces fallback to 3G circuit-switched voice, eliminating IMS attack surface but degrades call quality and data-during-call capability), implement network-level SIP message filtering at carrier edge if enterprise operates private LTE/5G (requires deep packet inspection of malformed IMS signaling, complex to deploy without vendor-specific indicators of compromise), or restrict affected devices from high-security contexts until patched. Note disabling IMS impacts emergency calling in VoLTE-only network areas.

Share

CVE-2025-71254 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy