Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Lifecycle Timeline
1DescriptionCVE.org
In Modem IMS, there is a possible improper input validation. This could lead to remote denial of service with no additional execution privileges needed.
AnalysisAI
Remote denial of service in Unisoc modem IMS implementation across 16 chipset families (SC7731E through T8300) allows unauthenticated network attackers to crash mobile device modem services via crafted IMS traffic. The improper input validation vulnerability (CVSS 7.5) enables high-impact availability attacks against millions of deployed Android smartphones and IoT devices using Unisoc chipsets. No public exploit identified at time of analysis, with EPSS data unavailable for this recently disclosed January 2025 vulnerability.
Technical ContextAI
The vulnerability resides in the IP Multimedia Subsystem (IMS) component of Unisoc baseband modems. IMS is a framework for delivering IP multimedia services over mobile networks, handling voice over LTE (VoLTE), video calling, and RCS messaging. The affected code fails to properly validate incoming IMS protocol messages before processing, allowing malformed packets to trigger a denial of service condition. Unisoc modems are widely deployed in budget and mid-range smartphones globally, particularly in emerging markets. The CPE identifier covers a broad range of chipset families including SC-series (entry-level), T6xx/T7xx (mid-range 4G/5G), T8xxx and T9xxx series (advanced 5G platforms), representing Unisoc's complete modem product line from 2019-2024. Without a specified CWE, the root cause class cannot be precisely determined, though the description suggests CWE-20 (Improper Input Validation) or potentially CWE-1286 (Improper Validation of Syntactic Correctness of Input).
RemediationAI
Apply firmware updates provided through device manufacturer OTA channels. Unisoc's January 2025 Product Security Bulletin (https://www.unisoc.com/en/support/product-security-bulletin/2051836844671422466) provides details for chipset vendors and OEMs, though specific patched firmware versions are not publicly enumerated. End users should check for system updates from their device manufacturer (Settings > System > System Update on most Android devices). Until patches are deployed, network-side compensating controls include enabling IMS-level authentication and integrity protection (IPsec ESP or TLS) if not already enforced by carrier policy, and implementing anomaly detection for malformed IMS messages at mobile core network elements (P-CSCF/I-CSCF). Enterprise mobility managers may consider temporarily disabling VoLTE/VoWiFi on affected devices in high-security environments, though this degrades voice service quality and eliminates emergency calling capabilities over LTE in some regions. Device-level mitigation is not feasible as IMS runs in the modem baseband processor, inaccessible to application-layer or OS-level controls.
More in Sc7731E Sc9832E Sc9863A T310 T610 T618 T7200 T7225 T7250 T7255 T7280 T7300 T8100 T9100 T8200 T8300
View allRemote denial of service in the IMS (IP Multimedia Subsystem) implementation of Unisoc mobile chipsets allows an unauthe
Remote attackers can crash Unisoc chipset IMS (IP Multimedia Subsystem) implementations through network-accessible malfo
Remote denial of service in Unisoc modem IMS (IP Multimedia Subsystem) implementation allows unauthenticated network att
Remote denial of service in Unisoc modem IMS stack allows network attackers to crash affected devices through malformed
Remote denial of service in Unisoc Modem IMS stack allows unauthenticated network attackers to crash mobile devices thro
Same technique Denial Of Service
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2025-209655
GHSA-4g9h-2wqx-gcgm