CVE-2025-71256 Google CVE debrief

Who should care

Android device owners, mobile OEMs, fleet administrators, carriers, and security teams responsible for devices running Android 13 through 16 or modem firmware derived from affected vendor builds.

Technical summary

The supplied record describes an improper input validation flaw in nr modem that can be triggered remotely and may result in denial of service. NVD classifies the issue as high severity with no confidentiality or integrity impact, but high availability impact. The record also maps the affected products to Android 13, 14, 15, and 16, and references a vendor advisory for additional context and remediation.

Defensive priority

High. This is remotely reachable, needs no authentication, and can affect availability across multiple Android versions.

Recommended defensive actions

• Review the vendor advisory and apply the relevant Android/OEM security update as soon as it is available.
• Inventory devices running Android 13, 14, 15, or 16 and confirm whether the OEM build or modem firmware is in scope.
• Prioritize patching internet-connected, carrier-managed, and enterprise-managed devices first.
• Monitor affected devices for modem instability, crashes, radio resets, or unexpected loss of service.
• Coordinate with the device OEM or carrier if patch timing depends on a firmware rollout rather than a standard OS update.

Evidence notes

This debrief is based on the supplied NVD record for CVE-2025-71256 and the referenced Unisoc vendor advisory URL. The NVD entry marks the vulnerability as analyzed and lists affected Android CPEs for versions 13.0 through 16.0. The CVSS vector provided by NVD is CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H, supporting the remote denial-of-service assessment.

Official resources