Skip to main content

Unisoc Modem IMS CVE-2025-71255

| EUVDEUVD-2025-209655 HIGH
2026-05-06 Unisoc GHSA-4g9h-2wqx-gcgm
7.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
7.5 HIGH
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

1
Analysis Generated
May 06, 2026 - 02:16 vuln.today

DescriptionCVE.org

In Modem IMS, there is a possible improper input validation. This could lead to remote denial of service with no additional execution privileges needed.

AnalysisAI

Remote denial of service in Unisoc modem IMS implementation across 16 chipset families (SC7731E through T8300) allows unauthenticated network attackers to crash mobile device modem services via crafted IMS traffic. The improper input validation vulnerability (CVSS 7.5) enables high-impact availability attacks against millions of deployed Android smartphones and IoT devices using Unisoc chipsets. No public exploit identified at time of analysis, with EPSS data unavailable for this recently disclosed January 2025 vulnerability.

Technical ContextAI

The vulnerability resides in the IP Multimedia Subsystem (IMS) component of Unisoc baseband modems. IMS is a framework for delivering IP multimedia services over mobile networks, handling voice over LTE (VoLTE), video calling, and RCS messaging. The affected code fails to properly validate incoming IMS protocol messages before processing, allowing malformed packets to trigger a denial of service condition. Unisoc modems are widely deployed in budget and mid-range smartphones globally, particularly in emerging markets. The CPE identifier covers a broad range of chipset families including SC-series (entry-level), T6xx/T7xx (mid-range 4G/5G), T8xxx and T9xxx series (advanced 5G platforms), representing Unisoc's complete modem product line from 2019-2024. Without a specified CWE, the root cause class cannot be precisely determined, though the description suggests CWE-20 (Improper Input Validation) or potentially CWE-1286 (Improper Validation of Syntactic Correctness of Input).

RemediationAI

Apply firmware updates provided through device manufacturer OTA channels. Unisoc's January 2025 Product Security Bulletin (https://www.unisoc.com/en/support/product-security-bulletin/2051836844671422466) provides details for chipset vendors and OEMs, though specific patched firmware versions are not publicly enumerated. End users should check for system updates from their device manufacturer (Settings > System > System Update on most Android devices). Until patches are deployed, network-side compensating controls include enabling IMS-level authentication and integrity protection (IPsec ESP or TLS) if not already enforced by carrier policy, and implementing anomaly detection for malformed IMS messages at mobile core network elements (P-CSCF/I-CSCF). Enterprise mobility managers may consider temporarily disabling VoLTE/VoWiFi on affected devices in high-security environments, though this degrades voice service quality and eliminates emergency calling capabilities over LTE in some regions. Device-level mitigation is not feasible as IMS runs in the modem baseband processor, inaccessible to application-layer or OS-level controls.

Share

CVE-2025-71255 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy