Description
In Modem IMS, there is a possible improper input validation. This could lead to remote denial of service with no additional execution privileges needed.
Published: 2026-05-06
Score: 7.5 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A flaw in the Modem Integrated Modem Service (IMS) allows an attacker to send malformed input that bypasses validation, resulting in a remote denial of service. No extra privileges are required and the impact remains confined to service disruption and loss of connectivity.

Affected Systems

The vulnerability affects Unisoc (Shanghai) Technologies Co., Ltd. chipsets, including SC7731E, SC9832E, SC9863A, T310, T610, T618, T7200, T7225, T7250, T7255, T7280, T7300, T8100, T9100, T8200, and T8300. Devices running Android 13.0 through 16.0 may also be impacted if the affected modem hardware is used.

Risk and Exploitability

The CVSS score of 7.5 indicates a high severity level, while an EPSS score of <1% shows a low but nonzero probability of exploitation. The vulnerability is not listed in CISA’s KEV catalog. The likely attack vector is remote, potentially over the air or via network traffic processed by the Modem IMS, and no local privileges are required to exploit it.

Generated by OpenCVE AI on May 11, 2026 at 19:33 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Deploy the vendor‑provided firmware update that implements proper input validation.
  • If an update is unavailable, disable the Modem IMS function or isolate the device from untrusted network traffic.
  • Continuously monitor device logs for repeated denial‑of‑service patterns and apply mitigation measures promptly.

Generated by OpenCVE AI on May 11, 2026 at 19:33 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Mon, 11 May 2026 20:00:00 +0000

Type Values Removed Values Added
Title Improper Input Validation in Unisoc Modem IMS Enables Remote Denial of Service
Weaknesses CWE-20

Mon, 11 May 2026 18:30:00 +0000

Type Values Removed Values Added
Title Improper Input Validation in Modem IMS Leading to Remote Denial of Service
Weaknesses CWE-20

Mon, 11 May 2026 15:15:00 +0000

Type Values Removed Values Added
First Time appeared Google
Google android
Weaknesses NVD-CWE-noinfo
CPEs cpe:2.3:h:unisoc:sc7731e:-:*:*:*:*:*:*:*
cpe:2.3:h:unisoc:sc9832e:-:*:*:*:*:*:*:*
cpe:2.3:h:unisoc:sc9863a:-:*:*:*:*:*:*:*
cpe:2.3:h:unisoc:t310:-:*:*:*:*:*:*:*
cpe:2.3:h:unisoc:t610:-:*:*:*:*:*:*:*
cpe:2.3:h:unisoc:t618:-:*:*:*:*:*:*:*
cpe:2.3:h:unisoc:t7200:-:*:*:*:*:*:*:*
cpe:2.3:h:unisoc:t7225:-:*:*:*:*:*:*:*
cpe:2.3:h:unisoc:t7250:-:*:*:*:*:*:*:*
cpe:2.3:h:unisoc:t7255:-:*:*:*:*:*:*:*
cpe:2.3:h:unisoc:t7280:-:*:*:*:*:*:*:*
cpe:2.3:h:unisoc:t7300:-:*:*:*:*:*:*:*
cpe:2.3:h:unisoc:t8100:-:*:*:*:*:*:*:*
cpe:2.3:h:unisoc:t8200:-:*:*:*:*:*:*:*
cpe:2.3:h:unisoc:t8300:-:*:*:*:*:*:*:*
cpe:2.3:h:unisoc:t9100:-:*:*:*:*:*:*:*
cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*
cpe:2.3:o:google:android:14.0:*:*:*:*:*:*:*
cpe:2.3:o:google:android:15.0:*:*:*:*:*:*:*
cpe:2.3:o:google:android:16.0:-:*:*:*:*:*:*
Vendors & Products Google
Google android

Wed, 06 May 2026 16:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Wed, 06 May 2026 09:45:00 +0000

Type Values Removed Values Added
First Time appeared Unisoc
Unisoc sc7731e
Unisoc sc9832e
Unisoc sc9863a
Unisoc t310
Unisoc t610
Unisoc t618
Unisoc t7200
Unisoc t7225
Unisoc t7250
Unisoc t7255
Unisoc t7280
Unisoc t7300
Unisoc t8100
Unisoc t8200
Unisoc t8300
Unisoc t9100
Vendors & Products Unisoc
Unisoc sc7731e
Unisoc sc9832e
Unisoc sc9863a
Unisoc t310
Unisoc t610
Unisoc t618
Unisoc t7200
Unisoc t7225
Unisoc t7250
Unisoc t7255
Unisoc t7280
Unisoc t7300
Unisoc t8100
Unisoc t8200
Unisoc t8300
Unisoc t9100

Wed, 06 May 2026 03:30:00 +0000

Type Values Removed Values Added
Title Improper Input Validation in Modem IMS Leading to Remote Denial of Service
Weaknesses CWE-20

Wed, 06 May 2026 02:00:00 +0000

Type Values Removed Values Added
Description In Modem IMS, there is a possible improper input validation. This could lead to remote denial of service with no additional execution privileges needed.
References
Metrics cvssV3_1

{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}
cve-icon MITRE

Status: PUBLISHED

Assigner: Unisoc

Published:

Updated: 2026-05-06T15:24:34.885Z

Reserved: 2026-03-02T05:55:13.666Z

Link: CVE-2025-71253

cve-icon Vulnrichment

Updated: 2026-05-06T14:37:10.913Z

cve-icon NVD

Status : Analyzed

Published: 2026-05-06T02:16:04.857

Modified: 2026-05-11T15:11:54.697

Link: CVE-2025-71253

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-11T19:45:08Z

Weaknesses