Description
In Modem IMS, there is a possible improper input validation. This could lead to remote denial of service with no additional execution privileges needed.
Published: 2026-05-06
Score: 7.5 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The flaw resides in the Modem IMS component of Unisoc devices. An attacker can construct packets or messages that evade the component’s input validation, causing the modem to crash or hang. This results in a loss of all services that rely on the modem. No escalation of privileges is required.

Affected Systems

Affected hardware includes Unisoc (Shanghai) Technologies Co., Ltd.’s SC7731E, SC9832E, SC9863A, T310, T610, T618, T7200, T7225, T7250, T7255, T7280, T7300, T8100, T8200, and T8300 platforms. Software that embeds the Modem IMS stack is also impacted, notably Android operating systems version 13 through 16, as indicated by the listed CPEs. The vendor has not disclosed specific firmware or OS revisions containing the fix.

Risk and Exploitability

The CVSS score of 7.5 indicates high severity, and the EPSS of < 1 % shows a very low but non‑zero probability of exploitation. The vulnerability is not listed in CISA KEV, suggesting no publicly known exploits. Based on the description, it is inferred that attackers would need remote network access to the modem’s IMS interface, which could be over IP or a proprietary protocol. The flaw can be exploited without additional privileges, leading to a remote denial of service that can disrupt all cellular or satellite connectivity for the device.

Generated by OpenCVE AI on May 11, 2026 at 20:43 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply all available firmware or software updates from Unisoc that address the input validation flaw.
  • If no update is available, restrict or block external access to the modem’s IMS interface with firewall rules, network segmentation, or by disabling the interface.
  • Continuously monitor modem logs for crash or failure events and configure alerts to detect service disruptions.

Generated by OpenCVE AI on May 11, 2026 at 20:43 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Mon, 11 May 2026 21:00:00 +0000

Type Values Removed Values Added
Title Modem IMS Input Validation Flaw Causes Remote Denial of Service
Weaknesses CWE-400

Mon, 11 May 2026 19:00:00 +0000

Type Values Removed Values Added
Title Improper Input Validation in Modem IMS Leading to Remote Denial of Service
Weaknesses CWE-20

Mon, 11 May 2026 15:15:00 +0000

Type Values Removed Values Added
First Time appeared Google
Google android
Unisoc t8300
Weaknesses NVD-CWE-noinfo
CPEs cpe:2.3:h:unisoc:sc7731e:-:*:*:*:*:*:*:*
cpe:2.3:h:unisoc:sc9832e:-:*:*:*:*:*:*:*
cpe:2.3:h:unisoc:sc9863a:-:*:*:*:*:*:*:*
cpe:2.3:h:unisoc:t310:-:*:*:*:*:*:*:*
cpe:2.3:h:unisoc:t610:-:*:*:*:*:*:*:*
cpe:2.3:h:unisoc:t618:-:*:*:*:*:*:*:*
cpe:2.3:h:unisoc:t7200:-:*:*:*:*:*:*:*
cpe:2.3:h:unisoc:t7225:-:*:*:*:*:*:*:*
cpe:2.3:h:unisoc:t7250:-:*:*:*:*:*:*:*
cpe:2.3:h:unisoc:t7255:-:*:*:*:*:*:*:*
cpe:2.3:h:unisoc:t7280:-:*:*:*:*:*:*:*
cpe:2.3:h:unisoc:t7300:-:*:*:*:*:*:*:*
cpe:2.3:h:unisoc:t8100:-:*:*:*:*:*:*:*
cpe:2.3:h:unisoc:t8200:-:*:*:*:*:*:*:*
cpe:2.3:h:unisoc:t8300:-:*:*:*:*:*:*:*
cpe:2.3:h:unisoc:t9100:-:*:*:*:*:*:*:*
cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*
cpe:2.3:o:google:android:14.0:*:*:*:*:*:*:*
cpe:2.3:o:google:android:15.0:*:*:*:*:*:*:*
cpe:2.3:o:google:android:16.0:-:*:*:*:*:*:*
Vendors & Products Google
Google android
Unisoc t8300

Wed, 06 May 2026 13:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Wed, 06 May 2026 09:45:00 +0000

Type Values Removed Values Added
First Time appeared Unisoc
Unisoc sc7731e
Unisoc sc9832e
Unisoc sc9863a
Unisoc t310
Unisoc t610
Unisoc t618
Unisoc t7200
Unisoc t7225
Unisoc t7250
Unisoc t7255
Unisoc t7280
Unisoc t7300
Unisoc t8100
Unisoc t8200
Unisoc t9100
Vendors & Products Unisoc
Unisoc sc7731e
Unisoc sc9832e
Unisoc sc9863a
Unisoc t310
Unisoc t610
Unisoc t618
Unisoc t7200
Unisoc t7225
Unisoc t7250
Unisoc t7255
Unisoc t7280
Unisoc t7300
Unisoc t8100
Unisoc t8200
Unisoc t9100

Wed, 06 May 2026 03:30:00 +0000

Type Values Removed Values Added
Title Improper Input Validation in Modem IMS Leading to Remote Denial of Service
Weaknesses CWE-20

Wed, 06 May 2026 02:00:00 +0000

Type Values Removed Values Added
Description In Modem IMS, there is a possible improper input validation. This could lead to remote denial of service with no additional execution privileges needed.
References
Metrics cvssV3_1

{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}
cve-icon MITRE

Status: PUBLISHED

Assigner: Unisoc

Published:

Updated: 2026-05-06T12:50:34.970Z

Reserved: 2026-03-02T05:55:13.666Z

Link: CVE-2025-71254

cve-icon Vulnrichment

Updated: 2026-05-06T12:50:31.695Z

cve-icon NVD

Status : Analyzed

Published: 2026-05-06T02:16:04.983

Modified: 2026-05-11T15:10:36.980

Link: CVE-2025-71254

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-11T20:45:26Z

Weaknesses