Description
In Modem IMS, there is a possible improper input validation. This could lead to remote denial of service with no additional execution privileges needed.
Published: 2026-05-06
Score: 7.5 High
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

In Modem Integrated Modem Service (IMS) a flaw exists where the input is not properly validated. This allows an attacker to cause a remote denial of service. No additional privileges are required; the impact is limited to service disruption and possible loss of connectivity.

Affected Systems

Vendors affected are Unisoc (Shanghai) Technologies Co., Ltd. The vulnerability applies to a range of modem chipsets including SC7731E, SC9832E, SC9863A, T310, T610, T618, T7200, T7225, T7250, T7255, T7280, T7300, T8100, T9100, T8200, and T8300.

Risk and Exploitability

The CVSS score of 7.5 indicates a high severity level. The EPSS score is not available, so the current probability of exploitation can’t be quantified. The vulnerability is not listed in CISA’s KEV catalog. The likely attack vector is remote, possibly over the air or through network traffic that the Modem IMS processes. No explicit conditions for exploitation are stated, but the attacker only needs to send crafted input that bypasses the validation.

Generated by OpenCVE AI on May 6, 2026 at 03:22 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Deploy the vendor-provided firmware update that implements proper input validation.
  • If an update is unavailable, disable the Modem IMS function or isolate the device from untrusted network traffic.
  • Continuously monitor device logs for repeated denial of service patterns and apply mitigation measures promptly.

Generated by OpenCVE AI on May 6, 2026 at 03:22 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Wed, 06 May 2026 03:30:00 +0000

Type Values Removed Values Added
Title Improper Input Validation in Modem IMS Leading to Remote Denial of Service
Weaknesses CWE-20

Wed, 06 May 2026 02:00:00 +0000

Type Values Removed Values Added
Description In Modem IMS, there is a possible improper input validation. This could lead to remote denial of service with no additional execution privileges needed.
References
Metrics cvssV3_1

{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}

Subscriptions

No data.

cve-icon MITRE

Status: PUBLISHED

Assigner: Unisoc

Published:

Updated: 2026-05-06T01:43:08.618Z

Reserved: 2026-03-02T05:55:13.666Z

Link: CVE-2025-71253

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Received

Published: 2026-05-06T02:16:04.857

Modified: 2026-05-06T02:16:04.857

Link: CVE-2025-71253

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-06T03:30:05Z

Weaknesses