Description
In Modem IMS, there is a possible improper input validation. This could lead to remote denial of service with no additional execution privileges needed.
Published: 2026-05-06
Score: 7.5 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability is rooted in improper input validation within the Modem IMS component of certain Unisoc SoCs. When a crafted packet or message reaches the modem stack, it can cause the system to crash or become unresponsive, resulting in a denial of service. This flaw does not provide a path to execute code or gain higher privileges; its primary impact is to interrupt network service for the affected device.

Affected Systems

Unisoc (Shanghai) Technologies SoCs including the SC7731E, SC9832E, SC9863A, and many T‑series modules such as T310, T610, T618, T7200, T7225, T7250, T7255, T7280, T7300, T8100, T8200, and T8300 are vulnerable; any device running the Modem IMS stack on these processors may be affected.

Risk and Exploitability

With a CVSS score of 7.5, the defect represents a medium to high risk. The EPSS score of < 1% indicates a very low but nonzero exploitation probability, and it is not listed in the CISA KEV catalog, suggesting no confirmed exploitation yet. The attack vector is inferred to be remote, originating from the network interface that feeds the Modem IMS, and requires no special privileges on the host.

Generated by OpenCVE AI on May 11, 2026 at 21:11 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the vendor patch for the affected SoCs as soon as it becomes available
  • If a patch is not yet available, disable or restrict access to the Modem IMS function to stop traffic from reaching the vulnerable component
  • Implement network segmentation or firewall rules to block traffic destined for the Modem IMS ports or interfaces, limiting exposure to untrusted sources
  • Monitor device logs for abnormal Modem IMS restarts or crashes indicating exploit attempts

Generated by OpenCVE AI on May 11, 2026 at 21:11 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Mon, 11 May 2026 21:30:00 +0000

Type Values Removed Values Added
Title Improper Input Validation Leads to Remote Denial of Service in Unisoc Modem IMS
Weaknesses CWE-20

Mon, 11 May 2026 18:15:00 +0000

Type Values Removed Values Added
Title Remote Denial of Service via Improper Input Validation in Unisoc Modem IMS
Weaknesses CWE-20

Mon, 11 May 2026 15:15:00 +0000

Type Values Removed Values Added
First Time appeared Google
Google android
Unisoc t7225
Unisoc t7250
Unisoc t9100
Weaknesses NVD-CWE-noinfo
CPEs cpe:2.3:h:unisoc:sc7731e:-:*:*:*:*:*:*:*
cpe:2.3:h:unisoc:sc9832e:-:*:*:*:*:*:*:*
cpe:2.3:h:unisoc:sc9863a:-:*:*:*:*:*:*:*
cpe:2.3:h:unisoc:t310:-:*:*:*:*:*:*:*
cpe:2.3:h:unisoc:t610:-:*:*:*:*:*:*:*
cpe:2.3:h:unisoc:t618:-:*:*:*:*:*:*:*
cpe:2.3:h:unisoc:t7200:-:*:*:*:*:*:*:*
cpe:2.3:h:unisoc:t7225:-:*:*:*:*:*:*:*
cpe:2.3:h:unisoc:t7250:-:*:*:*:*:*:*:*
cpe:2.3:h:unisoc:t7255:-:*:*:*:*:*:*:*
cpe:2.3:h:unisoc:t7280:-:*:*:*:*:*:*:*
cpe:2.3:h:unisoc:t7300:-:*:*:*:*:*:*:*
cpe:2.3:h:unisoc:t8100:-:*:*:*:*:*:*:*
cpe:2.3:h:unisoc:t8200:-:*:*:*:*:*:*:*
cpe:2.3:h:unisoc:t8300:-:*:*:*:*:*:*:*
cpe:2.3:h:unisoc:t9100:-:*:*:*:*:*:*:*
cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*
cpe:2.3:o:google:android:14.0:*:*:*:*:*:*:*
cpe:2.3:o:google:android:15.0:*:*:*:*:*:*:*
cpe:2.3:o:google:android:16.0:-:*:*:*:*:*:*
Vendors & Products Google
Google android
Unisoc t7225
Unisoc t7250
Unisoc t9100

Wed, 06 May 2026 13:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Wed, 06 May 2026 09:45:00 +0000

Type Values Removed Values Added
First Time appeared Unisoc
Unisoc sc7731e
Unisoc sc9832e
Unisoc sc9863a
Unisoc t310
Unisoc t610
Unisoc t618
Unisoc t7200
Unisoc t7255
Unisoc t7280
Unisoc t7300
Unisoc t8100
Unisoc t8200
Unisoc t8300
Vendors & Products Unisoc
Unisoc sc7731e
Unisoc sc9832e
Unisoc sc9863a
Unisoc t310
Unisoc t610
Unisoc t618
Unisoc t7200
Unisoc t7255
Unisoc t7280
Unisoc t7300
Unisoc t8100
Unisoc t8200
Unisoc t8300

Wed, 06 May 2026 03:30:00 +0000

Type Values Removed Values Added
Title Remote Denial of Service via Improper Input Validation in Unisoc Modem IMS
Weaknesses CWE-20

Wed, 06 May 2026 02:00:00 +0000

Type Values Removed Values Added
Description In Modem IMS, there is a possible improper input validation. This could lead to remote denial of service with no additional execution privileges needed.
References
Metrics cvssV3_1

{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}
cve-icon MITRE

Status: PUBLISHED

Assigner: Unisoc

Published:

Updated: 2026-05-06T12:55:25.546Z

Reserved: 2026-03-02T05:55:13.666Z

Link: CVE-2025-71255

cve-icon Vulnrichment

Updated: 2026-05-06T12:55:21.844Z

cve-icon NVD

Status : Analyzed

Published: 2026-05-06T02:16:05.093

Modified: 2026-05-11T15:09:47.437

Link: CVE-2025-71255

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-11T21:15:46Z

Weaknesses