Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Lifecycle Timeline
1DescriptionCVE.org
In Modem IMS, there is a possible improper input validation. This could lead to remote denial of service with no additional execution privileges needed.
AnalysisAI
Remote denial of service in Unisoc modem IMS (IP Multimedia Subsystem) implementation allows unauthenticated network attackers to crash telephony services on affected chipsets through malformed input. Affects 16 Unisoc chipset models spanning SC and T series (SC7731E through T8300) used in budget and mid-range mobile devices. No public exploit identified at time of analysis. CVSS 7.5 (High) reflects network accessibility and service disruption potential, though EPSS data unavailable for risk prioritization.
Technical ContextAI
The vulnerability resides in the IMS (IP Multimedia Subsystem) component of Unisoc modem firmware, which handles VoLTE, VoWiFi, and other IP-based telephony services over LTE and 5G networks. IMS uses SIP (Session Initiation Protocol) for call control and media negotiation. The improper input validation flaw likely exists in SIP message parsing or handling logic within the modem's baseband processor. Affected products span Unisoc's entire chipset portfolio per CPE data: legacy SC series (SC7731E, SC9832E, SC9863A) and current T series (T310, T610, T618, T7200, T7225, T7250, T7255, T7280, T7300, T8100, T9100, T8200, T8300). These chipsets are commonly used by manufacturers like Transsion (Tecno, Infinix, itel), Motorola, and various regional Android device vendors. CWE classification not provided by vendor, though this matches CWE-20 (Improper Input Validation) patterns in telecommunications protocol parsers.
RemediationAI
Apply modem firmware updates from device manufacturers incorporating Unisoc's security patch per the January 2025 product security bulletin (https://www.unisoc.com/en/support/product-security-bulletin/2051836844671422466). Patch version not independently confirmed from available data - contact device OEM for specific firmware build numbers addressing CVE-2025-71254. For enterprise deployments: inventory devices containing affected Unisoc chipsets via procurement records or IMEI-based chipset identification, prioritize patching for devices used in critical roles (emergency services, field operations), and expedite OEM patch deployment timelines through vendor management channels. Compensating controls if patches unavailable: disable VoLTE/VoWiFi features in modem settings (forces fallback to 3G circuit-switched voice, eliminating IMS attack surface but degrades call quality and data-during-call capability), implement network-level SIP message filtering at carrier edge if enterprise operates private LTE/5G (requires deep packet inspection of malformed IMS signaling, complex to deploy without vendor-specific indicators of compromise), or restrict affected devices from high-security contexts until patched. Note disabling IMS impacts emergency calling in VoLTE-only network areas.
More in Sc7731E Sc9832E Sc9863A T310 T610 T618 T7200 T7225 T7250 T7255 T7280 T7300 T8100 T9100 T8200 T8300
View allRemote denial of service in the IMS (IP Multimedia Subsystem) implementation of Unisoc mobile chipsets allows an unauthe
Remote attackers can crash Unisoc chipset IMS (IP Multimedia Subsystem) implementations through network-accessible malfo
Remote denial of service in Unisoc modem IMS implementation across 16 chipset families (SC7731E through T8300) allows un
Remote denial of service in Unisoc modem IMS stack allows network attackers to crash affected devices through malformed
Remote denial of service in Unisoc Modem IMS stack allows unauthenticated network attackers to crash mobile devices thro
Same technique Denial Of Service
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2025-209653
GHSA-x7wj-r2hg-35fm