Skip to main content

Unisoc IMS EUVDEUVD-2025-209647

| CVE-2025-71251 HIGH
2026-05-06 Unisoc GHSA-rvm7-7x4c-96v8
7.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
7.5 HIGH
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

1
Analysis Generated
May 06, 2026 - 02:15 vuln.today

DescriptionCVE.org

In IMS, there is a possible system crash due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed.

AnalysisAI

Remote attackers can crash Unisoc chipset IMS (IP Multimedia Subsystem) implementations through network-accessible malformed input, causing complete denial of service with no authentication required. Affects 17 Unisoc chipset models (SC7731E, SC9832E, SC9863A, T-series T310 through T8300) used in mobile devices. CVSS 7.5 (High) reflects direct network exposure and ease of exploitation (AV:N/AC:L/PR:N), though impact is limited to availability. No public exploit code identified at time of analysis, and EPSS data not available for assessment.

Technical ContextAI

IMS (IP Multimedia Subsystem) is the 3GPP standardized framework for delivering voice and multimedia services over IP networks, including VoLTE (Voice over LTE) and Wi-Fi calling. This vulnerability exists in Unisoc's IMS stack implementation across multiple mobile chipset platforms (SC-series and T-series). The root cause involves insufficient input validation when processing network traffic destined for IMS services. Unisoc chipsets are widely deployed in budget and mid-range smartphones, particularly in Asian and emerging markets. The affected CPE indicates platform-level vulnerability spanning 17 distinct chipset models from entry-level (SC7731E) to mid-range (T8300) processors. Without CWE classification, the precise validation failure type is unclear, but network-reachable input validation flaws in IMS typically involve SIP message parsing, SDP negotiation, or XCAP configuration protocols.

RemediationAI

Apply firmware updates from Unisoc or device manufacturers incorporating the IMS input validation fixes for affected chipset models per the vendor security bulletin at https://www.unisoc.com/en/support/product-security-bulletin/2051836844671422466. End users should check with device manufacturers (OEMs) for security updates addressing CVE-2025-71251. If patches are unavailable or delayed, network-level mitigations include restricting IMS traffic to known carrier IP ranges through firewall rules (though this may be impractical for mobile devices), or temporarily disabling VoLTE and Wi-Fi calling features in device settings to reduce IMS attack surface, accepting reduced call quality and fallback to legacy circuit-switched voice. Enterprise mobility management solutions can enforce configuration policies disabling IMS features on managed devices pending patch deployment. For carrier networks, implement anomaly detection for malformed IMS signaling traffic patterns that could indicate exploitation attempts.

Share

EUVD-2025-209647 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy