Description
In Modem IMS, there is a possible improper input validation. This could lead to remote denial of service with no additional execution privileges needed.
Published: 2026-05-06
Score: 7.5 High
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability arises from improper input validation in the Modem IMS component of certain Unisoc SoCs. An attacker sending specially crafted data can trigger conditions that cause the Modem IMS to crash or become unresponsive, leading to a denial of service. This flaw does not provide a pathway to execute arbitrary code or elevate privileges; its primary consequence is the interruption or degradation of network service for the affected device.

Affected Systems

The defect affects a range of Unisoc (Shanghai) Technologies SoCs, including SC7731E, SC9832E, SC9863A, and several T‑series modules such as T310, T610, T618, T7200, T7225, T7250, T7255, T7280, T7300, T8100, T9100, T8200, and T8300. All devices that run a Modem IMS stack on these processors are potentially vulnerable.

Risk and Exploitability

With a CVSS score of 7.5, the flaw presents a medium to high risk. The EPSS is not available, and it is not listed in the CISA KEV catalog, suggesting no confirmed exploitation yet. The attack vector is remote, originating from the network interface that feeds the Modem IMS, and requires no special privileges on the host.

Generated by OpenCVE AI on May 6, 2026 at 03:21 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the vendor patch for the affected SoCs as soon as it is released
  • If a patch is not yet available, disable or restrict access to the Modem IMS function to prevent traffic from reaching the vulnerable component
  • Implement network segmentation or firewall rules to block traffic destined for the Modem IMS ports or interfaces, limiting exposure to untrusted sources
  • Monitor device logs for abnormal Modem IMS restarts or crashes indicating exploit attempts

Generated by OpenCVE AI on May 6, 2026 at 03:21 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Wed, 06 May 2026 03:30:00 +0000

Type Values Removed Values Added
Title Remote Denial of Service via Improper Input Validation in Unisoc Modem IMS
Weaknesses CWE-20

Wed, 06 May 2026 02:00:00 +0000

Type Values Removed Values Added
Description In Modem IMS, there is a possible improper input validation. This could lead to remote denial of service with no additional execution privileges needed.
References
Metrics cvssV3_1

{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}

Subscriptions

No data.

cve-icon MITRE

Status: PUBLISHED

Assigner: Unisoc

Published:

Updated: 2026-05-06T01:43:15.186Z

Reserved: 2026-03-02T05:55:13.666Z

Link: CVE-2025-71255

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Received

Published: 2026-05-06T02:16:05.093

Modified: 2026-05-06T02:16:05.093

Link: CVE-2025-71255

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-06T03:30:05Z

Weaknesses